cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Manson <dev.mansontho...@gmail.com>
Subject Re: CXF client - how to dynamically set user/password at runtime
Date Wed, 02 Oct 2013 11:27:14 GMT
I forgot to include the webservice2.xml file :



<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:jaxws="http://cxf.apache.org/jaxws"

  xmlns:cxf="http://cxf.apache.org/core"
  xmlns:p="http://cxf.apache.org/policy"

  xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
      http://cxf.apache.org/jaxws
      http://cxf.apache.org/schemas/jaxws.xsd
      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
      ">



    <cxf:bus>
        <cxf:features>
            <p:policies/>
            <cxf:logging/>
        </cxf:features>
    </cxf:bus>


   <jaxws:client
              id="WorkListServiceProxyFactory"
            name="{http://services.brm.n2.tibco.com}WorkListService_EP"
    serviceClass="com.tibco.n2.brm.services.WorkListService"
         address="http://192.168.2.212:8080/amxbpm/WorkListService">

     <jaxws:properties>
        <entry key="ws-security.callback-handler"

 value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
/>
      </jaxws:properties>
  </jaxws:client>

</beans>


On Wed, Oct 2, 2013 at 12:37 PM, Thomas Manson
<dev.mansonthomas@gmail.com>wrote:

> Hi Colm,
>
>   I can't make it work while I'm exactly in the configuration you're
> suggesting (and that is in the example you gave me) and I don't get what I
> miss :
>
> So in my spring bean, I initialize as suggested the WebService :
>
>
>
> ###################################################################################
> public WorkListServiceImpl2( ContextService contextService) throws
> Exception
> {
>   this.contextService = contextService;
>
>   SpringBusFactory bf = new SpringBusFactory();
>   URL busFile =
> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>
>   Bus bus = bf.createBus(busFile.toString());
>   SpringBusFactory.setDefaultBus(bus);
>   SpringBusFactory.setThreadDefaultBus(bus);
>
>   URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>
>   Service service   = Service.create(wsdl, new QName("
> http://services.brm.n2.tibco.com","WorkListService"));
>   QName   portQName = new QName("http://services.brm.n2.tibco.com",
> "WorkListService_EP");
>
>   this.workListService = service.getPort(portQName, WorkListService.class);
>
> }
>
> ###################################################################################
>
> I use afterPropertySet() of Spring to call the webservice right after
> Spring init.
>
>
> ###################################################################################
> public List<WorkItemFwk> getWorkListItems(String username,
> WorkListItemQuery workListItemQuery)
> {
> //... init this object : getWorkListItems
> try
> {
>
> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
> "true");
>
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
> username);
>
>   getWorkListItemsResponse =
> this.workListService.getWorkListItems(getWorkListItems);
> }
> catch(Exception e)
> {
>   logger.error("Error while getting worklistItems for
> "+workListItemQuery.toString(),e);
> }
>
> ###################################################################################
>
> And yet there's no SOAP header set in the request:
>
>
>  oct. 02, 2013 12:28:11 PM
> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: http://192.168.2.212:8080/amxbpm/WorkListService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: text/xml
> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
> Payload: <soap:Envelope xmlns:soap="
> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
> http://exception.api.common.n2.tibco.com" xmlns:ns5="
> http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="
> http://exception.api.de.n2.tibco.com" startPosition="0"
> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
> guid="tibco-admin"
> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
> --------------------------------------
>
> So I get the following expection :
>
> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
> AuthNSAML20Principal set in Subject is null or empty.
>
>
> oct. 02, 2013 12:28:11 PM
> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml; charset=utf-8
> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
> Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
> GMT],
> Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
> Payload: <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
> Failed. AuthNSAML20Principal set in Subject is null or
> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
> xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException:
> Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>
> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
> --------------------------------------
>
>
>
>
> Any idea before I jump through the window ? ;)
>
> Thanks,
> Thomas.
>
>
>
>
> On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson <dev.mansonthomas@gmail.com
> > wrote:
>
>> Hi Colm,
>>
>> I know I'm probably exasperating you with my dumb questions, but I really
>> need help...
>>
>>
>>   So reading the FAQ, I understand that we're thread safe if we use :
>>
>>   ((BindingProvider)proxy).getRequestContext().put(
>> "thread.local.request.context", "true");
>>
>> before calling
>>
>> ((BindingProvider)*this*.workListService
>> ).getRequestContext().put(SecurityConstants.*USERNAME*, "Alice");
>>
>> Right ?
>>
>>
>> With the JaxWSClient,  I've tried to use
>>
>>
>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>> "Alice");
>>
>> and it didn't had any effect... (I was making subsequent call, and
>> changing the username)
>>
>> The web service response was the same for the two user, while one should
>> have replied an empty response.
>>
>> *    try
>> *    {
>>       ((BindingProvider)*this*.workListService
>> ).getRequestContext().put(SecurityConstants.*USERNAME*, username);
>>       getWorkListItemsResponse = *this*.workListService
>> .getWorkListItems(getWorkListItems);
>>     }
>>     *catch*(Exception e)
>>     {
>>       *logger*.error("Error while getting worklistItems for "
>> +workListItemQuery.toString());
>>     }
>>
>> Did I miss somehting ?
>>
>>
>>
>> One other thing I did understand in the meantime, is that, by using
>>
>>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>     factory.setServiceClass(WorkListService.class);
>>     factory.setAddress(this.endpoint);
>>     //
>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
>> "WorkListService"));
>>
>> Or
>>
>>     SpringBusFactory bf = new SpringBusFactory();
>>     URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>
>>      Bus bus = bf.createBus(busFile.toString());
>>     SpringBusFactory.setDefaultBus(bus);
>>     SpringBusFactory.setThreadDefaultBus(bus);
>>
>>     URL wsdl = WorkListServiceImpl2.class.getResource(
>> "/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl"
>> );
>>     Service service = Service.create(wsdl, new QName("
>> http://api.brm.n2.tibco.com", "WorkListService"));
>>     QName portQName = new QName("http://services.brm.n2.tibco.com",
>> "WorkListService_EP");
>>     this.workListService =
>>             service.getPort(portQName, WorkListService.class);
>>
>> etc...
>>
>> we ask CXF to generate on the fly the WS Client, is it correct?
>>
>>
>> Now I've already generated a client (with CXF/Ant), which I want to
>> invoke instead with this code  :
>>
>> WorkListService_Service proxy = *new* WorkListService_Service(*new* URL("
>> http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>>         *new* QName("http://services.brm.n2.tibco.com","WorkListService"
>> ));
>> *this*.workListService = proxy.getPort( *new* QName("
>> http://services.brm.n2.tibco.com", "WorkListService_EP"),
>> WorkListService.*class*);
>>
>>  I wonder how it can be used in conjonction with this code, and How
>> should I handle the authentication part...:
>>
>> SpringBusFactory bf = *new* SpringBusFactory();
>> URL busFile = WorkListServiceImpl2.*class*.getResource("client.xml");
>> Bus bus = bf.createBus(busFile.toString());
>> SpringBusFactory.*setDefaultBus*(bus);
>> SpringBusFactory.*setThreadDefaultBus*(bus);
>>
>>
>> I still dont get what file should I put instead of client.xml as I'm
>> already in a spring context, should I specify the file where I define my
>> bean already ?
>> it's quite confusing...
>>
>>
>> Thomas.
>>
>>
>> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <coheigea@apache.org
>> > wrote:
>>
>>> > Is it thread safe ?
>>>
>>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>>
>>> All you need is a JAX-WS client proxy, how you obtain one or set up your
>>> project is up to you...
>>>
>>> Colm.
>>>
>>>
>>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
>>> <dev.mansonthomas@gmail.com>wrote:
>>>
>>> > Hi Colm,
>>> >
>>> >   I'm starting to understand that it's another way to configure the
>>> client.
>>> >
>>> >   I've two questions :
>>> >
>>> >    - Is it thread safe ?
>>> >    I guess that it is as I see that the ServiceBus specify a Thread.
>>> >    In a J2EE context, should I specify something else than
>>> >    SpringBusFactory.setThreadDefaultBus(bus); ?
>>> >
>>> >
>>> >    - I'm a bit puzzled by the configuration:
>>> >
>>> >
>>> > SpringBusFactory bf = new SpringBusFactory();
>>> > URL busFile = UsernameTokenTest.class.getResource("client/client.xml");
>>> >
>>> >
>>> > This code load a Spring configuration file, while I already have mine +
>>> > the client.xml configuration has some cxf:bus definition (is it the
>>> same
>>> > thing ? SringBusFactory & cxf:bus ?).
>>> >
>>> >  So I wonder I can't just use this code in an existing spring context,
>>> How
>>> > should I transpose this within an existing spring context?
>>> >
>>> >
>>> >  How I think it would work is :
>>> >
>>> >
>>> >    - Use your way to setup SpringBus and the Client
>>> >    - Have a Spring class X that has the WS Client as dependency
>>> >    - X implement each method of the WS(+some additional business logic)
>>> >    and set the username dynamically <= I still don't know how to do
>>> this...
>>> >
>>> >  Is it the correct way ?
>>> >
>>> > Thomas.
>>> >
>>> > Here is my current work in progress spring file
>>> >
>>> > <beans xmlns="http://www.springframework.org/schema/beans"
>>> >
>>> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="
>>> > http://cxf.apache.org/core"
>>> >   xsi:schemaLocation="
>>> > http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>> > http://www.springframework.org/schema/beans
>>> > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>> >
>>> >
>>> >   <cxf:bus>
>>> >     <cxf:features>
>>> >        <cxf:logging />
>>> >     </cxf:features>
>>> >   </cxf:bus>
>>> >
>>> >
>>> >
>>> > <!--
>>> >
>>> /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl
>>> > -->
>>> >   <jaxws:client
>>> >             name="{http://services.brm.n2.tibco.com
>>> }EntityResolverService"
>>> >
>>> >
>>> wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>>> >     serviceClass="com.tibco.n2.de.services.EntityResolverService"
>>> >          address="
>>> http://192.168.2.202:8080/amxbpm/EntityResolverService"
>>> >   createdFromAPI="true">
>>> >     <jaxws:properties>
>>> >       <entry key="ws-security.callback-handler"
>>> >
>>> >
>>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>>> > />
>>> >     </jaxws:properties>
>>> >   </jaxws:client>
>>> >
>>> > </beans>
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <
>>> coheigea@apache.org
>>> > > wrote:
>>> >
>>> >> Look at the last test here:
>>> >>
>>> >>
>>> >>
>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>>> >>
>>> >>
>>> >>
>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>> >> "Alice");
>>> >>
>>> >> Colm.
>>> >>
>>> >>
>>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
>>> >> <dev.mansonthomas@gmail.com>wrote:
>>> >>
>>> >> > Hi Colm,
>>> >> >
>>> >> >   I'm back working on this subject (was on pause as I was working
>>> for
>>> >> other
>>> >> > clients)
>>> >> >
>>> >> >   I've checked out the SVN repo you gave me, and I've looked
>>> through the
>>> >> > samples configurations (client.xml) and I can't find anything
>>> >> appropriate.
>>> >> >
>>> >> >  In the UT (Username Token I guess), the username is always
>>> provided in
>>> >> the
>>> >> > configuration file.
>>> >> >  The saml/x509 configuration still refers to Alice.properties...
>>> >> >
>>> >> >
>>> >> >   In my case, the username shouldn't appear in the configuration
>>> files,
>>> >> as
>>> >> > I need to use the J2EE Principal as login, and call the webservice
>>> to
>>> >> > authenticate the user.
>>> >> >
>>> >> >   Could you point me to the right direction  ?
>>> >> >
>>> >> > Thomas.
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
>>> >> > <dev.mansonthomas@gmail.com>wrote:
>>> >> >
>>> >> > > Thanks, it will surely help a lot :)
>>> >> > >
>>> >> > > Thomas.
>>> >> > >
>>> >> > >
>>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <
>>> >> > coheigea@apache.org>wrote:
>>> >> > >
>>> >> > >> Please take a look at the tests here:
>>> >> > >>
>>> >> > >>
>>> >> > >>
>>> >> >
>>> >>
>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>> >> > >>
>>> >> > >> Colm.
>>> >> > >>
>>> >> > >>
>>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>>> >> > >> <dev.mansonthomas@gmail.com>wrote:
>>> >> > >>
>>> >> > >> > Do you have any other pointer that this page :
>>> >> > >> >
>>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>>> >> > >> >
>>> >> > >> > it's way to short for me as documentation to build
something
>>> that
>>> >> > work.
>>> >> > >> > When I read the properties described, I feel there's
a mix
>>> between
>>> >> > >> server
>>> >> > >> > side properties (which I'm not interested as I'm
just
>>> implementing
>>> >> a
>>> >> > >> > client)... + it starts with extra properties... where
are the
>>> basic
>>> >> > >> ones?
>>> >> > >> >
>>> >> > >> > what would help is a full example of the code of
a client.
>>> >> > >> >
>>> >> > >> > I'm quite lost ;)
>>> >> > >> >
>>> >> > >> >
>>> >> > >> >
>>> >> > >> >
>>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh
<
>>> >> > >> coheigea@apache.org
>>> >> > >> > >wrote:
>>> >> > >> >
>>> >> > >> > >
>>> >> > >> > > If you follow the WS-SecurityPolicy approach
then it will
>>> work,
>>> >> as
>>> >> > >> all of
>>> >> > >> > > the configuration is taken from the context
rather than a
>>> >> properties
>>> >> > >> Map.
>>> >> > >> > >
>>> >> > >> > > Colm.
>>> >> > >> > >
>>> >> > >> > >
>>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson
<
>>> >> > >> > dev.mansonthomas@gmail.com
>>> >> > >> > > > wrote:
>>> >> > >> > >
>>> >> > >> > >>  I already does what you say as follow,
but it mean one
>>> >> instance of
>>> >> > >> the
>>> >> > >> > >> client per user connected.
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >> I've search quite some time dans didn't
find a way to set
>>> >> something
>>> >> > >> like
>>> >> > >> > >> the password callback handler.
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>  JaxWsProxyFactoryBean factory = new
>>> JaxWsProxyFactoryBean();
>>> >> > >> > >>
>>> >> > >> > >>     factory.setServiceClass(WorkListService.class);
>>> >> > >> > >>
>>> >> > >> > >>     factory.setAddress(this.endpoint);
>>> >> > >> > >>
>>> >> > >> > >>     //
>>> >> > >> > >>
>>> >> > >> >
>>> >> > >>
>>> >> >
>>> >>
>>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>> >> > >> > >>
>>> >> > >> > >>     factory.setServiceName(new QName("
>>> >> > >> http://services.brm.n2.tibco.com
>>> >> > >> > ",
>>> >> > >> > >> "WorkListService"));
>>> >> > >> > >>
>>> >> > >> > >>     WorkListService workListService = (WorkListService)
>>> >> > >> > factory.create();
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>        Client client =
>>> ClientProxy.getClient(workListService);
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>     Map<String, Object> properties
= new HashMap<String,
>>> >> Object>();
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.ACTION
         ,
>>> >> > >> > >> WSHandlerConstants.USERNAME_TOKEN);
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.USER
           ,
>>> >> > >> this.username);
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE
  ,
>>> >> > WSConstants.
>>> >> > >> > >> PW_TEXT);// "PasswordDigest"
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF
,
>>> >> > >> > newPasswordCallbackHandler(
>>> >> > >> > >> this.username, password, "password"));
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>     client.getOutInterceptors().add(new
>>> >> > >> > WSS4JOutInterceptor(properties));
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O
hEigeartaigh <
>>> >> > >> > coheigea@apache.org
>>> >> > >> > >> > wrote:
>>> >> > >> > >>
>>> >> > >> > >>> ou could create a CXF interceptor that
sets the username
>>> on the
>>> >> > fly,
>>> >> > >> > >>> before the WSS4JOutInterceptor is called.
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >
>>> >> > >> > >
>>> >> > >> > > --
>>> >> > >> > > Colm O hEigeartaigh
>>> >> > >> > >
>>> >> > >> > > Talend Community Coder
>>> >> > >> > > http://coders.talend.com
>>> >> > >> > >
>>> >> > >> >
>>> >> > >>
>>> >> > >>
>>> >> > >>
>>> >> > >> --
>>> >> > >> Colm O hEigeartaigh
>>> >> > >>
>>> >> > >> Talend Community Coder
>>> >> > >> http://coders.talend.com
>>> >> > >>
>>> >> > >
>>> >> > >
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Colm O hEigeartaigh
>>> >>
>>> >> Talend Community Coder
>>> >> http://coders.talend.com
>>> >>
>>> >
>>> >
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message