cxf-users mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Re: CXF client - how to dynamically set user/password at runtime
Date Tue, 15 Oct 2013 14:39:14 GMT

> 
>  <jaxws:client id="WorkListServiceProxyFactory"
>    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
>    serviceClass="com.tibco.n2.brm.services.WorkListService"
>    address="http://192.168.2.213:8080/amxbpm/WorkListService">
>
>    <jaxws:properties>
>      <entry key="ws-security.username" value="tibco-admin" />
>      <entry key="ws-security.callback-handler"
>        value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
>    </jaxws:properties>
>  </jaxws:client>
> </beans>
>
> and no soap headers:


This configuration will ONLY work if your WSDL contains a ws-security policy fragment that
defines a username token policy in it.   In addition, you would NEED to add a wsdlLocation
item onto the jaxws:client for the wsdl to be picked up.  Right now, with that configuration,
it doesn't know to even apply any security stuff at all.




Dan





On Oct 15, 2013, at 5:17 AM, Thomas Manson <dev.mansonthomas@gmail.com> wrote:

> Colm,
> 
> honestly I'm really getting mad and sick of this security stuff.
> I'm blocked on this for sooo long now  and don't work on the actual stuff I
> should do.
> 
> I was pushing CXF as I did have good experience with it before, but I'm now
> considering moving to something else... I really need to get the thing
> done, anyhow.
> 
> 
>> If you have a WS-SecurityPolicy in operation
> I don't understand this.
> if you mean that the wsdl should contain some stuff, I don't think so,
> maybe because it allows username token, SAML (sendervoucher) and X509 and
> that all samples I've tried do not work.
> 
> the only actual code that did send the SOAP header is
> 
> this code :
> 
> ###############################################################################################
>
> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>    factory.setServiceClass(WorkListService.class);
>    factory.setAddress(this.endpoint);
>    // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>    factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>    this.workListService = (WorkListService) factory.create();
>
>    Client client = ClientProxy.getClient(this.workListService);
>
>    Map<String, Object> properties = new HashMap<String, Object>();
>    properties.put(WSHandlerConstants.ACTION          , WSHandlerConstants.USERNAME_TOKEN);
>    properties.put(WSHandlerConstants.USER            , this.username);
>    properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.PW_TEXT);// "PasswordDigest"
>    properties.put(WSHandlerConstants.PW_CALLBACK_REF , new PasswordCallbackHandler("secret"));
>
>    client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
>
>    HTTPConduit conduit = (HTTPConduit) client.getConduit();
>
>    long timeoutMillis = this.timeout * 1000;
>
>    HTTPClientPolicy policy = new HTTPClientPolicy();
>    policy.setConnectionTimeout(timeoutMillis);
>    policy.setReceiveTimeout(timeoutMillis);
>
>    conduit.setClient(policy);
> ###############################################################################################
> 
> 
> I'm just trying to get the basic thing to work :
> 
> Configure the client with spring, inject it into another bean and use it
> and even that does not work.
> 
> 
> I'm just having the same spring code in all samples, I can't get why it
> doesn't send the security headers.
> 
> 
> 
> 
> 
> 
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xmlns:jaxws="http://cxf.apache.org/jaxws"
>  xmlns:cxf="http://cxf.apache.org/core"
>  xmlns:p="http://cxf.apache.org/policy"
>  xsi:schemaLocation="
>      http://www.springframework.org/schema/beans
>      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>      http://cxf.apache.org/jaxws
>      http://cxf.apache.org/schemas/jaxws.xsd
>      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>      ">
>
>  <cxf:bus>
>    <cxf:features>
>      <p:policies />
>      <cxf:logging />
>    </cxf:features>
>  </cxf:bus>
>
>  <jaxws:client id="WorkListServiceProxyFactory"
>    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
>    serviceClass="com.tibco.n2.brm.services.WorkListService"
>    address="http://192.168.2.213:8080/amxbpm/WorkListService">
>
>    <jaxws:properties>
>      <entry key="ws-security.username" value="tibco-admin" />
>      <entry key="ws-security.callback-handler"
>        value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
>    </jaxws:properties>
>  </jaxws:client>
> </beans>
> 
> and no soap headers:
> 
> 
> INFO: Creating Service {http://services.brm.n2.tibco.com}WorkListServiceService
> from class com.tibco.n2.brm.services.WorkListService
> 
> oct. 15, 2013 10:52:41 AM
> org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
> 
> INFO: Outbound Message
> 
> ---------------------------
> 
> ID: 1
> 
> Address: http://192.168.2.213:8080/amxbpm/WorkListService
> 
> Encoding: UTF-8
> 
> Http-Method: POST
> 
> Content-Type: text/xml
> 
> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
> 
> Payload: <soap:Envelope xmlns:soap="
> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
> http://exception.api.common.n2.tibco.com" xmlns:ns5="
> http://exception.api.de.n2.tibco.com" xmlns:ns6="
> http://www.tibco.com/XPD/ScriptDescriptor/" startPosition="0"
> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
> guid="tibco-admin"
> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
> 
> --------------------------------------
> 
> oct. 15, 2013 10:52:41 AM
> org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
> 
> INFO: Inbound Message
> 
> ----------------------------
> 
> ID: 1
> 
> Response-Code: 500
> 
> Encoding: UTF-8
> 
> Content-Type: text/xml; charset=utf-8
> 
> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
> Date=[Tue, 15 Oct 2013 14:50:18 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
> GMT], Set-Cookie=[JSESSIONID=eflukkvn7glfvw8s53n2228;Path=/amxbpm;HttpOnly]}
> 
> Payload: <?xml version="1.0" encoding="UTF-8"?>
> 
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
> Failed. AuthNSAML20Principal set in Subject is null or
> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
> xmlns:tibco="http://tibcouri/
> ">com.tibco.amf.spline.api.context.SplineMessagingException: Authentication
> Failed. AuthNSAML20Principal set in Subject is null or empty.
> 
> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
> 
> --------------------------------------
> 
> 2013-10-15 10:52:41,915 - ERROR - localhost-startStop-1 (
> WorkListServiceImpl4.java:81) - Error while getting worklistItems for
> WorkListItemQuery [username=tibco-admin, userGUID=tibco-admin, start=0,
> numberOfItems=10, filter=null, order=null]
> 
> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
> AuthNSAML20Principal set in Subject is null or empty.
> 
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
> 
> at com.sun.proxy.$Proxy57.getWorkListItems(Unknown Source)
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, Oct 15, 2013 at 11:04 AM, Colm O hEigeartaigh
> <coheigea@apache.org> wrote:
> 
>> If you have a WS-SecurityPolicy in operation, it will take care of adding
>> the correct headers, once you supply it with the correct information
>> (username, password, etc.). Please take a look at the ws-security-examples
>> systests to see how it all works.
>> 
>> Colm.
>> 
>> 
>> On Mon, Oct 14, 2013 at 10:27 PM, Thomas Manson <
>> dev.mansonthomas@gmail.com> wrote:
>> 
>>> Hi Colm,
>>> 
>>> I will resume work on this subject tomorrow.
>>> 
>>> So I'm in a situation where there's no soap header set, and the
>>> spring configuration seems to be ignored (which would be quite logical as
>>> we don't use it in the java code, just rebuilding all ourselves.)
>>> 
>>> So how can I make sure the soap header is set in my request? How can I
>>> set the authentication type (username/password plain) ?
>>> 
>>> Thanks,
>>> Thomas.
>>> 
>>> 
>>> On Mon, Oct 7, 2013 at 11:23 AM, Thomas Manson <
>>> dev.mansonthomas@gmail.com> wrote:
>>> 
>>>> Hi Colm,
>>>> 
>>>> If I remove the <jaxws:client  element, it still works as before, so I
>>>> guess this client xml declaration is not taken into account as we're just
>>>> programmatically re-doing what the spring configuration does...
>>>> 
>>>> As I stated earlier, I'm already in a spring context (J2EE Spring MVC
>>>> application), that's why I don't understand why the BusFactory needs to be given
>>>> the spring xml file.
>>>> 
>>>> I've understood that while seeing that the endpoint was not taken into
>>>> account (thanks to my Virtual machine that changes of IP each time I resume
>>>> my mac).
>>>> 
>>>> So I'll focus to make it work programmatically first, then figure out
>>>> how to use the spring XML configurations files and finally try to use my
>>>> own generated WS Client instead of generating it on the fly.
>>>> 
>>>> 
>>>> For now, I'm still blocked on enabling a security policy on the client
>>>> side programmatically.
>>>> For instance, my password callback handler is not taken into account,
>>>> as it's not called at all.
>>>> 
>>>> (the method  public void handle(Callback[] callbacks) throws IOException,
>>>> UnsupportedCallbackException  is not called)
>>>> 
>>>> 
>>>>  I programmatically specify it as follows (full code at the end of the
>>>> mail):
>>>> 
>>>> this.workListService = service.getPort(portQName, WorkListService.class);
>>>> 
>>>> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>>>>     "http://192.168.2.213:8080/amxbpm/WorkListService");
>>>> 
>>>> //I've also tried by just specifying a class name, but it doesn't work either.
>>>> 
>>>> PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler("secret");
>>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>>>>     passwordCallbackHandler);
>>>> 
>>>> 
>>>> 
>>>> 
>>>> In the CXF samples, it's done like this:
>>>> 
>>>>  <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
>>>>                  createdFromAPI="true">
>>>>       <jaxws:properties>
>>>>           <entry key="ws-security.callback-handler"
>>>>                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
>>>>       </jaxws:properties>
>>>>    </jaxws:client>
>>>> 
>>>> 
>>>> So I wonder what I miss...
>>>> 
>>>> Thomas.
>>>> 
>>>> 
>>>> package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;
>>>> 
>>>> import java.net.URL;
>>>> import java.util.ArrayList;
>>>> import java.util.List;
>>>> 
>>>> import javax.xml.namespace.QName;
>>>> import javax.xml.transform.Source;
>>>> import javax.xml.ws.BindingProvider;
>>>> import javax.xml.ws.EndpointReference;
>>>> import javax.xml.ws.Service;
>>>> import javax.xml.ws.WebServiceFeature;
>>>> import javax.xml.ws.wsaddressing.W3CEndpointReference;
>>>> import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;
>>>> 
>>>> import org.apache.commons.logging.Log;
>>>> import org.apache.commons.logging.LogFactory;
>>>> import org.apache.cxf.Bus;
>>>> import org.apache.cxf.bus.spring.SpringBusFactory;
>>>> import org.apache.cxf.endpoint.Client;
>>>> import org.apache.cxf.ws.security.SecurityConstants;
>>>> import org.springframework.beans.factory.InitializingBean;
>>>> 
>>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
>>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
>>>> import com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
>>>> import com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
>>>> import com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
>>>> import com.tibco.n2.brm.api.GetWorkListItems;
>>>> import com.tibco.n2.brm.api.GetWorkListItemsResponse;
>>>> import com.tibco.n2.brm.api.OrderFilterCriteria;
>>>> import com.tibco.n2.brm.api.WorkItem;
>>>> import com.tibco.n2.brm.services.WorkListService;
>>>> import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
>>>> import com.tibco.n2.common.organisation.api.XmlModelEntityId;
>>>> 
>>>> public class WorkListServiceImpl2 implements WorkListFwkService, InitializingBean
>>>> {
>>>> 
>>>>  private static final Log           logger       = LogFactory.getLog(WorkListServiceImpl2.class);
>>>> 
>>>> 
>>>> 
>>>>  private WorkListService workListService = null;
>>>>  private  ContextService contextService = null;
>>>> 
>>>>  public WorkListServiceImpl2( ContextService contextService) throws Exception
>>>>  {
>>>>    this.contextService = contextService;
>>>> 
>>>>    SpringBusFactory bf = new SpringBusFactory();
>>>>    URL busFile = this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>>> 
>>>>    Bus bus = bf.createBus(busFile.toString());
>>>>    SpringBusFactory.setDefaultBus(bus);
>>>>    SpringBusFactory.setThreadDefaultBus(bus);
>>>> 
>>>>    URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>>>> 
>>>>    Service service   = Service.create(wsdl, new QName("http://services.brm.n2.tibco.com","WorkListService"));
>>>> 
>>>>    QName   portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");
>>>> 
>>>>    this.workListService = service.getPort(portQName, WorkListService.class);
>>>> 
>>>>    ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>>>>        "http://192.168.2.213:8080/amxbpm/WorkListService");
>>>> 
>>>>    PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler("secret");
>>>> 
>>>>    ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>>>>        passwordCallbackHandler);
>>>>  }
>>>> 
>>>>  public List<WorkItemFwk> getWorkListItems(String username, WorkListItemQuery workListItemQuery)
>>>>  {
>>>>    XmlModelEntityId entityId = new XmlModelEntityId();
>>>>    entityId.setGuid(workListItemQuery.getUserGUID());
>>>>    entityId.setEntityType(OrganisationalEntityType.RESOURCE);
>>>>    entityId.setModelVersion(-1);
>>>> 
>>>>    GetWorkListItems getWorkListItems = new GetWorkListItems();
>>>> 
>>>>    getWorkListItems.setGetTotalCount       (true);
>>>>    getWorkListItems.setEntityID            (entityId);
>>>>    getWorkListItems.setStartPosition       (workListItemQuery.getStart());
>>>>    getWorkListItems.setNumberOfItems       (workListItemQuery.getNumberOfItems());
>>>>    getWorkListItems.setOrderFilterCriteria (new OrderFilterCriteria());
>>>> 
>>>>    GetWorkListItemsResponse getWorkListItemsResponse = null;
>>>> 
>>>>    try
>>>>    {
>>>>      ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context", "true");
>>>>      ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);
>>>> 
>>>>      getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
>>>>    }
>>>>    catch(Exception e)
>>>>    {
>>>>      logger.error("Error while getting worklistItems for "+workListItemQuery.toString(),e);
>>>>    }
>>>> 
>>>>    if(getWorkListItemsResponse == null)
>>>>    {
>>>>      logger.error("recieve a null response while getting worklistItems for "+workListItemQuery.toString());
>>>>      return new ArrayList<WorkItemFwk>(0);
>>>>    }
>>>> 
>>>>    List<WorkItem>    workitems       = getWorkListItemsResponse.getWorkItems();
>>>>    List<WorkItemFwk> workListItemFwk = new ArrayList<WorkItemFwk>(workitems.size());
>>>> 
>>>> 
>>>>    int i = 0;
>>>>    for (WorkItem workItem : workitems)
>>>>    {
>>>>      workListItemFwk.add(WorkItemMapper.map(workItem, i++));
>>>>    }
>>>>    return workListItemFwk;
>>>>  }
>>>> 
>>>>  @Override
>>>>  public void afterPropertiesSet() throws Exception
>>>>  {
>>>> 
>>>>    WorkListItemQuery workListItemQuery = new WorkListItemQuery();
>>>> 
>>>>    workListItemQuery.setStart(0l);
>>>>    workListItemQuery.setNumberOfItems(10l);
>>>>    workListItemQuery.setUsername("tibco-admin");
>>>>    workListItemQuery.setUserGUID("tibco-admin");
>>>> 
>>>>    this.getWorkListItems("tibc-admin", workListItemQuery);
>>>> 
>>>>  }
>>>> 
>>>> }
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
>> --
>> Colm O hEigeartaigh
>> 
>> Talend Community Coder
>> http://coders.talend.com
>> 

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

