4 Replies Latest reply on Nov 11, 2010 3:25 AM by asoldano

JBossWS-CFX in RiftSaw BPEL (basic authentication)

izgur Nov 10, 2010 5:03 AM

Hey!

I'm working on Riftsaw 2.1 installed on jbossesb 4.8, that runs on jboss as 5.1. I solved some issues on the Riftsaw forum, but for the last remaining thing I would really need help from the jbossws-cxf team.

I posted my question on RiftSaw forum, but was redirected here, because I got the answer:

RiftSaw only currently supports WS-Security, not HTTP basic authentication directly - so if there is a way to use jbossws-cxf configuration to invoke an external basic authentication service, then you will need to check with the jbossws-cxf team.

Till Friday I need to know if I'm able to call a external web service which uses the UsernameToken basic authentication...

Up to know I just took a look at the SecureInvokeExample...

I didn't see that anything for the authentication would be specified in WSDL or BPEL file...

That means that jbossws-cxf-myPort.xml does it all ?

If I get this right I have to write the jbossws-cxf-myPort.xml where I specify both beans (message elements from WSDL) and for each specify the <map> tag.

Are all this <entry> necessary : passwordCallbackClass, signaturePropFile, singatureKeyIdentifier? Do I need to write these .jks files ?

I hope somebody could explain ...

1. Re: JBossWS-CFX in RiftSaw BPEL (basic authentication)

izgur Nov 10, 2010 5:12 AM (in response to izgur)

http://community.jboss.org/thread/157598 if it helps ...
Actions
2. Re: JBossWS-CFX in RiftSaw BPEL (basic authentication)

asoldano Nov 10, 2010 5:26 AM (in response to izgur)

It's not clear to me if you really want to do a http basic auth or want to use the UsernameToken profile of WS-Security. The latter is just something you can configure and use as part of the ws-security impl available in apache cxf (but might force you to use https if you use ws-security policy).
The former (http basic auth) is something related to the transport protocol. If you're using a CXF client, take a look here on how to setup the http client: http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
Actions
3. Re: JBossWS-CFX in RiftSaw BPEL (basic authentication)

izgur Nov 11, 2010 1:59 AM (in response to asoldano)

I remember that when I made a request from soapui, I just had to add my password to the outgoing WS-security configurations...
it added just a usernametoken tag with username and password into the header...
nothing else changed ... so it must UsernameToken of WS-security and...

How can I get this UsernameToken into my request header ? How can i configure that ?
Actions
4. Re: JBossWS-CFX in RiftSaw BPEL (basic authentication)

asoldano Nov 11, 2010 3:25 AM (in response to izgur)

The basic documentation @Apache is here: http://cxf.apache.org/docs/ws-security.html It has a section on username token based authentication.
In terms of JBossWS-CXF integration, take a look at http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#Authentication_and_authorization . The jbossws-cxf testsuite has some tests/samples covering this topic.
Actions

Go to original post