-
1. Re: ServiceMix InitialContextWrapper breaks LDAP req. Is there a temp solution?
davestanley Nov 24, 2009 5:32 PM (in response to marcelcasado)Hi Marcel,
This sounds like a reasonable solution until ESB-834 is fixed. I think the side effect would be that you cannot lookup the osgi registry using jndi.
Regards
/Dave
-
2. Re: ServiceMix InitialContextWrapper breaks LDAP req. Is there a temp solution?
sanjayk Dec 4, 2009 1:52 PM (in response to marcelcasado)Hi Marcel,
I would like to do LDAP authentication exactly the same way that your example.
I am able to configure everything and able to authenticate with the wsdl URL in the browser.System popup an alert for the user id and password (like JASS alert).I gave the credentials and system authenticated.
If I use SOAP message with UserNameToken in the SOAP header and send the message to my service then system is throwing a fault message like below.
###############
Security</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
#################
Here is my SOAP message.
################
<soapenv:Envelope xmlns:edr="http://services.com/test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">vGf7Foeq2GSEwW3aBafACw==</wsse:Nonce>
<wsu:Created>2009-12-04T17:29:07.402Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<test:RetrieveRefData>
<test:RefNumber>12345</test:RefNumber>
</test:RetrieveRefData>
</soapenv:Body>
</soapenv:Envelope>
################
Could you please help me to fix the issue.
Thanks,
Sanjay
-
3. Re: ServiceMix InitialContextWrapper breaks LDAP req. Is there a temp solut
marcelcasado Dec 4, 2009 2:34 PM (in response to sanjayk)Hi Sanjay,
I'm not sure what is your application setup, like, do you use FUSE ESB 3 or 4 and
the CXF web services framework ? What is your security architecture?
For the fault message it looks like you are not using the WSS4J interceptor on the web service configuration so CXF complains that the security headers has not been handled by anybody and it's marked as mustUnderstand="true" so it throws a fault.
To fix that you have to add the security interceptors to your service and configure them according to your security policy.
Please see if the blog below can help you on getting you set up for WS-Security and JAAS. I'ts a little bit complex.
http://tmielke.blogspot.com/2009/05/understanding-authentication-and.html
My self I'm using a customization of the solution discussed on the blog.
-Marcel
-
4. Re: ServiceMix InitialContextWrapper breaks LDAP req. Is there a temp solut
sanjayk Dec 4, 2009 2:50 PM (in response to marcelcasado)Hi Marcel,
Thanks alot for reply.
Here is my FUSE configuration.
Version : 3.3.1.18
I have exposed a WSDL file to the clients using http soap-consumer service unit.
Here is I have attached my xbean.xml and I did not add any interceptors in my xbean.xml configuration.
I am a new bee to FUSE/ServiceMix.
Here is my service execution sequence.
HTTP SOAP Consumer SU --> CXF-SE --> Mediation Router --> Bean SU
I am able to configure everything and able to authenticate with the wsdl URL in the browser.System popup an alert for the user id and password (like JASS alert).I gave the credentials and system authenticate the user perfectly.
If I use SOAP message with UserNameToken in the SOAP header and send the message to my service then system is throwing a fault message like below.
###############
Security</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
#################
Here is my SOAP message.
################
<soapenv:Envelope xmlns:test="http://services.com/test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">vGf7Foeq2GSEwW3aBafACw==</wsse:Nonce>
<wsu:Created>2009-12-04T17:29:07.402Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<test:RetrieveRefData>
<test:RefNumber>12345</test:RefNumber>
</test:RetrieveRefData>
</soapenv:Body>
</soapenv:Envelope>
################
please help me in fixing this issue.
Thanks,
Sanjay
-
xbean.xml 843 bytes
-
-
5. Re: ServiceMix InitialContextWrapper breaks LDAP req. Is there a temp solut
marcelcasado Dec 4, 2009 9:10 PM (in response to sanjayk)Sanjay,
Sorry I can not help you much since myself I use ServiceMix 4.1 that is a OSGI implementation instead of JBI (even JBI is still supported), so they are two different worlds. I don't use the JBI components, I use OSGI bundles and my security implementation is really customized for ServiceMix 4 osgi.
But I you follow carefully the blog I told you before you should be able to figure out the steps required for you. I see the documentation for the "http:soap-consumer" is very limited but start trying something like :
Good luck,
-Marcel
Edited by: marcelcasado on Dec 5, 2009 2:10 AM