Announcement Announcement Module
Collapse
No announcement yet.
Is there any out of box interceptor for authenticating webservices ? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is there any out of box interceptor for authenticating webservices ?

    Hi,

    We are trying to integrate CXF with Spring security for webservices and using UserNameToken Profile for WS-Security.

    Right now I'm writing the WSCallbackHandler to handle the "UserNameToken" profile and authenticate against the spring secuirty by injecting "authenticationManager".

    Is there a "WS-SecurityIntercetor" similar to "WSS4JInInterceptor" which I can use to inject the authentication mechanisam and as well as different security profiles so that it would be done automatically for me?

    Thanks
    Krishmn




    <bean id="serverPasswordCallback" class="com.chordiant.security.auth.ServerPasswordC allback">
    <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInt erceptor">
    <property name="properties">
    <map>
    <entry key="action" value="UsernameToken"/>
    <entry key="passwordType" value="PasswordText" />
    <entry>
    <key>
    <value>passwordCallbackRef</value>
    </key>
    <ref bean="serverPasswordCallback"/>
    </entry>
    </map>
    </property>
    </bean>



    <jaxws:endpoint id="helloWorldEndpoint" implementor="#helloWorld" address="/HelloWorld" >
    <jaxws:inInterceptors>
    <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInte rceptor" />
    <ref bean="wss4jInConfiguration"/>
    </jaxws:inInterceptors>
    </jaxws:endpoint>

  • #2
    You might be better off asking this at the CXF mailing list.

    Comment

    Working...
    X