-
1. WS-Security on JBoss 6 (with CXF)
nickarls Jan 31, 2011 3:36 AM (in response to franky_b)Have you checked out http://www.jboss.org/jbossas/docs/6-x/Component-Documentation/web-services.html ? I haven't, just asking ;-)
-
2. WS-Security on JBoss 6 (with CXF)
franky_b Jan 31, 2011 4:05 AM (in response to nickarls)Well, yes, I've already found and studied this (especially http://docs.jboss.org/jbossas/6/WebServices_Guide/en-US/html/chap_JBossWS-StackCXFUserGuide.html) via Google.
However, in the examples, they mess with heavy XML configuration which would break my approach using annotations for all the web services. Furthermore, Spring is required in order for this to work. This is not what I call a "lightwight" solution
So I don't want to rely on any container magic, I just want to inject my stateless session bean somewhere in the handler chain to parse the SOAP header and to check the username in the database...
-
3. WS-Security on JBoss 6 (with CXF)
franky_b Feb 3, 2011 4:15 AM (in response to franky_b)No one has an idea?
What's the default procedure to add WS-Security UsernameToken capabilities to JBoss AS 6?
I think this should be a quite common task...
-
4. WS-Security on JBoss 6 (with CXF)
asoldano Feb 3, 2011 4:45 AM (in response to franky_b)1 of 1 people found this helpfulIf you want to use the full WS-Security facilities coming with Apache CXF and hence JBossWS-CXF, you need to go through the Spring configuration, which covers the stack specific aspect of configuring the security engine, similarly to what you did with the jboss-wsse-endpoint.xml on JBossWS-Native stack.
The documentation on WS-Security w/ JBossWS-CXF is at http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#WSSecurity . Please also consider taking a look at the mentioned Apache CXF doc there.
On the countrary, if you just want to implement and home brew solution for checking some of the WS-Security headers, you can avoid setting up security at all and install your custom handlers / interceptors. Handlers configuration is covered by standard specs and hence can be done in a stack agnostic way (see the @HandlerChain annotation). Alternatively, you can use CXF interceptors, declared through @InInterceptor/@OutInterceptor/.. (see Apache CXF doc on that).
-
5. WS-Security on JBoss 6 (with CXF)
franky_b Feb 3, 2011 5:03 AM (in response to asoldano)Okay, thanks a lot for this clear statement.
Since I only need a few base functionalities, I absolutely prefer the "home brew" solution. I'll hava a look at the suggested methods, maybe I'll come back later ;-)
-
6. WS-Security on JBoss 6 (with CXF)
vlad.bujoreanu Mar 29, 2011 4:20 AM (in response to asoldano)Hello,
I am trying to migrate to the cxf stack an application that wa previously using the jboss-wsse-endpoint.xml on JBossWS-Native stack to implement username token authentication.
I have installed the spring deployer and used the jbossw-cxf.xml file to define username token authentication as in
http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#WSSecurity
What i want to ask is how to do this part that is indicated there :
"Authentication and authorization will simply be delegated to the security domain configured for the endpoint. Of course you can specify the login module you prefer for that security domain (refer the application server / security documentation for that)."
How do I do that ? I mean, is if sufficient to annotate my endpoint with @SecurityDomain and specify the application policy in login-config.xml ?
-
7. WS-Security on JBoss 6 (with CXF)
asoldano Apr 4, 2011 5:48 AM (in response to vlad.bujoreanu)Consider taking a look at the package org.jboss.test.ws.jaxws.samples.wsse* in the jbossws-cxf sources.