-
1. Re: Web Service exposed via cxf.endPoint - how to secure using basic auth/ssl?
ffang Jun 23, 2011 5:31 AM (in response to uio100)
Hi,
Well, you actually asked several questions.
For the inbound message, I assume you're using the cxf http-osgi transport, which uses pax-web underneath.
For SSL,
you need to configure pax-web (Jetty underneath); take a look at [1] to get more details.
And we already have a stub configuration file org.ops4j.pax.web.cfg in the $FUSE_ESB/etc folder.
For basic auth, you have two options:
1. You can configure the Jetty security handler with a realm to enable basic auth (you may need to check the Jetty docs to get more details). You can configure Jetty through jetty.xml in the $FUSE_ESB/etc folder directly if you use the latest released FUSE ESB 4.4, or create a fragment bundle which contains your Jetty configuration and attach it to the pax-web bundle as described in [2] if you're using FUSE ESB 4.3.x.
OR, which I prefer to do,
2. Leverage the cxf JAASLoginInterceptor directly and wire basic auth to the karaf realm.
Your cxf endpoint configuration should be like
and you just need to add the name/password to $FUSE_ESB/etc/users.properties
user=password
This reuses the default JAAS configuration in Karaf (PropertiesLoginModule) with the JAAS LoginContext name "karaf".
For the outbound request message, for SSL and basic auth you need to configure http:conduit to do so; just check [3] to get ideas on how to configure it.
Hope this helps.
[1] http://wiki.ops4j.org/display/paxweb/SSL+Configuration
[2] http://wiki.ops4j.org/display/paxweb/AdvancedJettyConfiguration
[3] http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
Freeman
-
2. Re: Web Service exposed via cxf.endPoint - how to secure using basic auth/ssl?
uio100 Jun 27, 2011 4:08 AM (in response to uio100)
Dear Freeman,
thank you so much for your detailed answer. I'm using the cxf namespace and the cxf:cxfEndpoint notation - does that mean I have to switch to jaxws namespace? I'm not using a service endpoint implementation but a camel route which further processes the incoming request.
<cxf:cxfEndpoint id="crMaster"
    address="http://localhost:9080/facade/CRMasterService"
    endpointName="s:CRMasterServicePort"
    serviceName="s:CRMasterService"
    wsdlURL="etc/sample.wsdl"
    xmlns:s="http://crmaster.facade.ws.example.com/" >
Is it safe to switch to jaxws instead of the cxf namespace? I'd try to look up the relevant namespace definition for the camel-context.xml file from the fuse docs then.
- edit -
I've tried to adapt your example to cxf namespace using cxf:inInterceptors and cxf:properties, to no avail. No login required for the web service. In the servicemix.log, there is a message
ing the interceptor org.apache.cxf.interceptor.OneWayProcessorInterceptor@121b6e7
10:02:24,554 | INFO | xtenderThread-10 | MessageDataFormatFeature | 126 - org.apache.camel.camel-cxf - 2.7.1.fuse-00-27 | removing the interceptor org.apache.cxf.interceptor.security.JAASLoginInterceptor@6f2775
I reckon that "removing the interceptor" is the cause, but why is servicemix removing that interceptor?
kind regards
Michael
Edited by: uio100 on Jun 27, 2011 10:06 AM
-
3. Re: Web Service exposed via cxf.endPoint - how to secure using basic auth/ssl?
njiang Jun 27, 2011 4:43 AM (in response to uio100)
Hi,
JAASLoginInterceptor's phase is Phase.UNMARSHAL, which means it will be removed when you are using the MESSAGE data format, which means it will not touch the underlying stream.
If you are using the POJO data format, the interceptor will not be removed.
Willem
-
4. Re: Web Service exposed via cxf.endPoint - how to secure using basic auth/ssl?
uio100 Jun 27, 2011 5:20 AM (in response to njiang)
Hello Willem,
does that mean I have to use POJO mode? I was setting the endpoint to MESSAGE mode, and I am afraid that this cannot be changed easily. The incoming SOAPEnvelope & Body is further consumed by a camel route and not necessarily by Java code.
What I try to achieve is that the "facade" as defined in the cxf:cxfEndpoint address poses as a virtual service, forwarding the request via camel to 1 to n real services (with or without transformation of the body and probably modifying the header) and getting the responses back and return a composite response to the caller.
kind regards
Michael
-
5. Re: Web Service exposed via cxf.endPoint - how to secure using basic auth/ssl?
uio100 Jun 27, 2011 12:39 PM (in response to uio100)
Hello!
I've changed my code to process data format PAYLOAD and now the interceptor works.
However, it seems I have to post something into Camel/Mediation Router as my split / aggregate does not seem to send back the desired response to the original caller.
Thank you so much!
Kind regards
Michael
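The configuration this thread converges on, as an added example that is not code from any of the posters or from the FUSE documentation: the cxf:cxfEndpoint from the question with JAASLoginInterceptor bound to the "karaf" JAAS context and the data format set to PAYLOAD. The endpoint attributes are copied from the post above; the surrounding beans element and its namespace declarations are assumptions about the Spring context file.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; the <beans> wrapper and schema locations are assumed. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cxf="http://camel.apache.org/schema/cxf"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://camel.apache.org/schema/cxf
         http://camel.apache.org/schema/cxf/camel-cxf.xsd">

  <cxf:cxfEndpoint id="crMaster"
      address="http://localhost:9080/facade/CRMasterService"
      endpointName="s:CRMasterServicePort"
      serviceName="s:CRMasterService"
      wsdlURL="etc/sample.wsdl"
      xmlns:s="http://crmaster.facade.ws.example.com/">

    <cxf:inInterceptors>
      <!-- Reads the HTTP Basic credentials and authenticates them through
           JAAS. contextName "karaf" is the LoginContext name given in the
           thread, backed by $FUSE_ESB/etc/users.properties. -->
      <bean class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
        <property name="contextName" value="karaf"/>
      </bean>
    </cxf:inInterceptors>

    <cxf:properties>
      <!-- Per the thread: with dataFormat=MESSAGE camel-cxf removes the
           interceptor (see the "removing the interceptor" log line) and
           the service answers without a login. With PAYLOAD the
           interceptor stays in the chain, and the route still receives
           the SOAP body as XML rather than as Java objects. -->
      <entry key="dataFormat" value="PAYLOAD"/>
    </cxf:properties>
  </cxf:cxfEndpoint>

  <!-- The address above is plain http, as in the original post. Basic
       auth only base64-encodes the password, so the SSL half of the
       question still has to be configured separately. -->
</beans>
```

After deploying, check servicemix.log for the absence of a "removing the interceptor ... JAASLoginInterceptor" line and confirm that a request without an Authorization header is rejected.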