Re: WS-Security Single Sign On
Davide, There are lot of sample code out there for Acegi+CAS. I had my Acegi+CAS working more than a year ago. The idea is to make them all together. As for as Authentcation using CXF+Acegi there are multiple posts withing this forms. Look for the one Anne Racel. I have not seen any imlementation on how to propogate the security token (Except may be one post for XFire and I have not understood it at all), between ws requests. Thanks Matt Davide Gesino wrote: Hi Matt, thanks for the links. At the moment I'm trying to figure out how Sun project Metro manages WS-* extensions. Metro already supports this specs... Anyway everything is hidden away from the developer from Netbeans IDE (that still have some bugs). It is not clear what 's going on behind the scenes in glassfish, metro and netbeans. expecially the transport is not pluggable, from thw wizard, so I have chose the eclipse + CXF way to have more control on what I am doing. My prj is based on CXF. going back to CXF... Using an overall trusted Security Token Service (STS) that generates security session tokens seems to be the right way to have a single signed on (and then have a secure conversation). Pls refer to: https://wsit.dev.java.net/docs/trust-whitepaper.pdf CAS seems to be the way to provide a STS both client and server trust I'm trying to understand how it works, how it could be integrated in TOMCAT with CXF and ACEGI. I have not still understood if CAS is protocol agnostic, I would not have to rely upon HTTP transport security. I'll try make something out all these technoligies, when I have some code that does work (I hope) I'll make you know! mattmadhavan wrote: Hi Davide, (I have replied to one of your earlier reply to mine). I found bunch of postings here and few blogs. Please look at ACEGI+ CAS (SSO) fro SSO. Please refer to this great post, http://domagojtechtips.blogspot.com/2007/08/cxf-spring-and-ws-security-putting-it.html explains security prpogation. The idea is to tie in Acegi to this one and use Acegi+CAS for SSO. This post explains the ACEGI+CXF. http://www.nabble.com/Acegi-Security-with-CXF-tf4337860.html#a12391936 The answer is out there in bits and pieces, but they all need to be tied down! I have n't had a chance to tie'em together yet. If you are interested we can work together. After thanksgiving I will get to it! Any help will be appreciated! Thanks Matt Thkx again, the smoke is clearing out! The infrastructure I am working in is http transport based, but probably in the future will be moved to a JMS transport. So in the future I could not rely on HTTPS anymore... anyway now I have it! I haven't understood yout sentence WS-SecureConversation is the route to take here, but a lot of infrastructure needs to be put into place, in order to make effective use of the Kerberos authentication protocol. In which sense? WS_Secure Conversation is implemented using Kerberos? Fred Dushin-3 wrote: David, WSS4J may have some recently added support for propagating kerberos tokens (and by token, I take it you mean a kerberos AP_REQ message), but getting a token from point A to point B is a small fraction of the story, when it comes to kerberos integration with Web Services. Yes, WS-SecureConversation is the route to take here, but a lot of infrastructure needs to be put into place, in order to make effective use of the Kerberos authentication protocol. In particular, security sessions need to be established and maintained (along the lines of abstractions provided by the GSS-API), and used to provide cryptographic services for messages delivered in the secure channel established. Of course, this may be overkill. An alternative is to use SSL to protect the channel, and just pass kerberos tickets as cookies. You at least get some assurance of client identity that way, but that's a pretty weak security story, IMO. It also requires that you use SSL, which sort of defeats the purpose of using Kerberos, in the first place -- or at a minimum overlooks the full power of the kerberos infrastructure. SSL may not be a viable options for all deployments, as well (e.g., JMS), but that doesn't seem to be an obstacle in your specific case. -Fred On Sep 13, 2007, at 4:07 AM, Davide Gesino wrote: Hi Fred, With Single Sign On I meant a mechanism to have a series of messages authenticated only once (with the first of the series) and treated as a conversation, instead of autenthicate each message. I some way I would want to emulate something similar to initial login followed by and exchange of messages. Maybe this pertains the WS-SecureConversation specification, that I've seen will be covered in CXF 2.1. There is a way to use Kerberos authentication token in wss4j ?! David Fred Dushin-3 wrote: No question is silly or bad. CXF itself provides
Re: CXF+ACEGI setting userid/pw on the client side
Hi David, Thanks for the reply. Yes you are correct. Thats the Java way. I found a posting for a Flex client as well. Please look at this great blog - (It was a great post on lot good stuff - but rather incomplete). http://www.jroller.com/wookets/ I wish this guy makes the examples more complete though! Thanks again, Matt Davide Gesino wrote: Hi, I do not think so, I think you have to create a message handler, that adds token you want to the soap header and put iit in a handler chain if you're working in java. Anyway this info have to go in a SOAP header. Theoretically you could construct the XML soap request programmatically (also in Java)... but it is pain. Using other languages I guess there is some high level API (in .NET at least) to add this kind of header, that on the server side will be processed in a jax-ws fashion. For .Net You could watch to the java project tango web site and see if there is something worth about it. I don't know if I have said something useful ;-) mattmadhavan wrote: Hi, Is there any way to setup userid/pw soap header token on the client side programatically without having to create a callback handler class etc? I just want to create a token and add it to the soap message! My client side can be .NET, JAVA. FLEX etc. I cannot force them to do equivalent things (like creating callback handler to set the pw). Any ideas? Thanks Matt -- View this message in context: http://www.nabble.com/CXF%2BACEGI-setting-userid-pw-on-the-client-side-tf4687934.html#a13902156 Sent from the cxf-user mailing list archive at Nabble.com.
Re: WS-Security Single Sign On
Hi Davide, (I have replied to one of your earlier reply to mine). I found bunch of postings here and few blogs. Please look at ACEGI+ CAS (SSO) fro SSO. Please refer to this great post, http://domagojtechtips.blogspot.com/2007/08/cxf-spring-and-ws-security-putting-it.html explains security prpogation. The idea is to tie in Acegi to this one and use Acegi+CAS for SSO. This post explains the ACEGI+CXF. http://www.nabble.com/Acegi-Security-with-CXF-tf4337860.html#a12391936 The answer is out there in bits and pieces, but they all need to be tied down! I have n't had a chance to tie'em together yet. If you are interested we can work together. After thanksgiving I will get to it! Any help will be appreciated! Thanks Matt Thkx again, the smoke is clearing out! The infrastructure I am working in is http transport based, but probably in the future will be moved to a JMS transport. So in the future I could not rely on HTTPS anymore... anyway now I have it! I haven't understood yout sentence WS-SecureConversation is the route to take here, but a lot of infrastructure needs to be put into place, in order to make effective use of the Kerberos authentication protocol. In which sense? WS_Secure Conversation is implemented using Kerberos? Fred Dushin-3 wrote: David, WSS4J may have some recently added support for propagating kerberos tokens (and by token, I take it you mean a kerberos AP_REQ message), but getting a token from point A to point B is a small fraction of the story, when it comes to kerberos integration with Web Services. Yes, WS-SecureConversation is the route to take here, but a lot of infrastructure needs to be put into place, in order to make effective use of the Kerberos authentication protocol. In particular, security sessions need to be established and maintained (along the lines of abstractions provided by the GSS-API), and used to provide cryptographic services for messages delivered in the secure channel established. Of course, this may be overkill. An alternative is to use SSL to protect the channel, and just pass kerberos tickets as cookies. You at least get some assurance of client identity that way, but that's a pretty weak security story, IMO. It also requires that you use SSL, which sort of defeats the purpose of using Kerberos, in the first place -- or at a minimum overlooks the full power of the kerberos infrastructure. SSL may not be a viable options for all deployments, as well (e.g., JMS), but that doesn't seem to be an obstacle in your specific case. -Fred On Sep 13, 2007, at 4:07 AM, Davide Gesino wrote: Hi Fred, With Single Sign On I meant a mechanism to have a series of messages authenticated only once (with the first of the series) and treated as a conversation, instead of autenthicate each message. I some way I would want to emulate something similar to initial login followed by and exchange of messages. Maybe this pertains the WS-SecureConversation specification, that I've seen will be covered in CXF 2.1. There is a way to use Kerberos authentication token in wss4j ?! David Fred Dushin-3 wrote: No question is silly or bad. CXF itself provides no single sign-on capabilities, though one could certainly try to implement one over CXF. The challenge is to do it in a way that provides reasonable assurance and protection from replay and man-in-the-middle attacks. The naive approach is to grant the client a cookie in virtue of a login event, and then for the client to present that cookie as evidence of its identity. This way, the client is just using an opaque token in lieu of otherwise sensitive security information. (I presume this is what you mean by single sign-on). To do this, you need to lock down your communications channels, presumably in your case, using SSL. And you need to ensure that the dispensed cookies can't be stolen or hijacked. That's a lot of trust you need to place in how you deploy your infrastructure, and it only gets you so far. The more compelling solution (IMO) is to use SSO technologies that are already out there, such as Kerberos (which is arguably the most deployed SSO solution going). But I'm guessing that's not what you're after. -Fred On Sep 12, 2007, at 9:04 AM, Davide Gesino wrote: Hi, may be a silly or bad question but there is a way to have a single sign on mechanism in CXF (in WS in general) or I have to check the user credentials each time for each message? There is a way to estabilish something similar to the Http Session between WS client and server?!? In my app I have CXF deployed on Tomcat and the transport is Http. David -- View this message in context: http://www.nabble.com/WS-Security- Single-Sign-On-tf4429137.html#a12634942 Sent from the cxf-user mailing list archive at Nabble.com. -- View this message in context: http://www.nabble.com/WS-Security-
Re: HELP - org.apache.axis.soap.MessageFactoryImpl - Strange Exception
Hi Christian, Thanks, It worked! I hope there is a better way then this! Matt Christian Vest Hansen wrote: I don't know if there's a better way to fix this, but try to somehow call: System.setProperty(javax.xml.soap.MessageFactory, com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl); Before the saaj interceptor loads. 2007/10/25, mattmadhavan [EMAIL PROTECTED]: Hello, I have configured my client beans(spring configuraiton) with the org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor and org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor. When I run my client I am getting the following exception. Why is it looking for Apache Axis' Message factory? I am using cxf 2.0.2. Any help will be appreciated. Thanks Matt Exception in thread main javax.xml.soap.SOAPException: Failed to create MessageFactory: org.apache.axis.soap.MessageFactoryImpl at javax.xml.soap.MessageFactory.newInstance(MessageFactory.java:55) at com.adobe.cairngorm.samples.store.service.ProductInfoServiceClient.main(ProductInfoServiceClient.java:57) Caused by: java.lang.ClassNotFoundException: org.apache.axis.soap.MessageFactoryImpl at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at javax.xml.soap.MessageFactory.newInstance(MessageFactory.java:50) -- View this message in context: http://www.nabble.com/HELP---org.apache.axis.soap.MessageFactoryImpl---Strange-Exception-tf4693600.html#a13415791 Sent from the cxf-user mailing list archive at Nabble.com. -- Venlig hilsen / Kind regards, Christian Vest Hansen. -- View this message in context: http://www.nabble.com/HELP---org.apache.axis.soap.MessageFactoryImpl---Strange-Exception-tf4693600.html#a13417811 Sent from the cxf-user mailing list archive at Nabble.com.
CXF+ACEGI setting userid/pw on the client side
Hi, Is there any way to setup userid/pw soap header token on the client side programatically without having to create a callback handler class etc? I just want to create a token and add it to the soap message! My client side can be .NET, JAVA. FLEX etc. I cannot force them to do equivalent things (like creating callback handler to set the pw). Any ideas? Thanks Matt -- View this message in context: http://www.nabble.com/CXF%2BACEGI-setting-userid-pw-on-the-client-side-tf4687934.html#a13398044 Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF+ACEGI + Anybody out there?
Hello again, Sorry to re-visit this thread again, but I am still not clear if we reached any conclusion! Do we just use Acegi or use it with WSSJ? Can some one please post a complete example - With all the configurations etc? It will be awesome! Thanks Matt Juan José Vázquez Delgado wrote: Hi all, I love CXF, but IMHO the ws-security module is not good enough solved. I suspect the responsible is wss4j wich is not too much powerful. I´m thinking in using the glassfish XWSS (https://xwss.dev.java.net/) in a similar way to Spring Web Services ( http://static.springframework.org/spring-ws/site/). With XWSS you can setting handlers and validators like for instance an Acegi Handler. BR, Juanjo. On 9/21/07, Eric Miles [EMAIL PROTECTED] wrote: We started some discussion the other day about CXF+Acegi out there the other day, but hadn't seen anything since. Any discussion after I sent the source code or my findings with integrating the two? On Tue, 2007-09-18 at 11:18 -0400, Eric Miles wrote: Actually, here is the code. Attached is the WSS4J callback class and the CXF interceptor that uses the Acegi authentication manager for authentication. Pretty simple and straight forward. If you look at the callback handler, you can see my comment regarding the WSS4J engine. I do have one concern in that this solution might not have worked for a digest UT. I'll have to revisit as it has been several months since we first looked at it. However, this is a spring board for any discussions. (Spring pun not intended) Eric On Tue, 2007-09-18 at 08:10 -0700, mattmadhavan wrote: Eric, Do you mind posting a complete example. May be we can have a very constructive discussions based on that. Thanks Matt BigEHokie wrote: Dan, What sort of solution are you looking for? We are using an Acegi/Spring/CXF implementation at our company where we are using WS-Security and Acegi for authentication and AOP/Acegi for authorization. We could be interested in contributing. Thanks, Eric On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: And I want somebody to contribute a cleaner solution :-D I know there is a lot of stuff we could do with Spring Security/Acegi that would be super cool. It'd be a real low barrier way to contribute some stuff if anyone is interested. Cheers, - Dan mattmadhavan wrote: Hi Ray, No I do not want the client side to tell the server! Thats my point. Some good blogs I have seen, do that! Where the client 'tells' which handler to use! I want a cleaner ACEGI+ XFIRE solution! Thanks Matt Ray Krueger wrote: You want the client to tell the server how to do security? That sounds crazy :) Your client side should either be doing http based security or ws-security. That doesn't have anything to do with Acegi at that point. On 9/14/07, Zarar Siddiqi [EMAIL PROTECTED] wrote: I'm trying to understand what you're saying but am having difficulty. But here goes: Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. I use Acegi for authorization purposes only. IMHO it doesn't really make sense for authentication (WS-Security can do that). So I use the MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to my service level methods. The Acegi docs can help you there, the only difference I think is that you have to set the authentication token yourself, e.g.: UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( user.getUsername(), user.getPassword(), user.getAuthorities()); // Populate Acegi Security Context SecurityContextHolder.getContext().setAuthentication(token); I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it doesn't seem to be the proper way! You can pass the class name which handles security to the server (crazy thought I think!) using a header element and then parse it using CXF interceptors. Zarar mattmadhavan wrote: Any Help will be appreciated! mattmadhavan wrote: Hello, Can some one point me to some docs on the CXF and ACEGI integration or CXF
RE: CXFServlet + WebServices + Spring MVC
Hi Chris, No, you understood my problem correctly. The problem you solved will work for me! But my question is since, the CXFServlet is the same as the Spring Servlet, can I use the same servlet for both Webserices and spring MVC? Any input to this question will be appreciated. Thanks Matt CMoesel wrote: Hi Matt, Maybe I'm misunderstanding your question, but I think you just want to be able to use CXF and Spring MVC in the same application? If that's it, I've done this simply by mapping the CXFServlet and DispatcherServlet to two different URL patterns. For example: ?xml version=1.0 encoding=ISO-8859-1? web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4 descriptionMy Web Application/description display-nameMy Web Application/display-name context-param param-namecontextConfigLocation/param-name param-value classpath:my-cxf-config.xml classpath:META-INF/cxf/cxf-servlet.xml /param-value /context-param listener listener-classorg.springframework.web.context.ContextLoaderListener/l istener-class /listener servlet servlet-nameCXFServlet/servlet-name servlet-classorg.apache.cxf.transport.servlet.CXFServlet/servlet-clas s load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameCXFServlet/servlet-name url-pattern/services/*/url-pattern /servlet-mapping servlet servlet-namespringmvc/servlet-name servlet-classorg.springframework.web.servlet.DispatcherServlet/servle t-class load-on-startup2/load-on-startup /servlet servlet-mapping servlet-namespringmvc/servlet-name url-pattern/web/*/url-pattern /servlet-mapping welcome-file-listwelcome-fileindex.jsp/welcome-file/welcome-file- list /web-app -Chris -Original Message- From: mattmadhavan [mailto:[EMAIL PROTECTED] Sent: Friday, September 21, 2007 4:00 PM To: cxf-user@incubator.apache.org Subject: CXFServlet + WebServices + Spring MVC Hello, I am currently working on a project for my current client for all external notifications. My requirements are as follows: * Some of my client's partners communicate via Straight HTTP Post - Data can be HTTP (I guess I can use REST for this - but not all of them send XML!) * Some do via SOAP. This is for a premiums and thats how my client makes his money and I would like to give them a robust solution. I would like to use CXF Servlet (Or straight Spring Dispatcher Servelt)and also add Spring MVC controller so that I can add some actions for non-soap based communications - be it a XML - or any other data format. How can I combine these two! XFire had a solution where you use Straight Spring Dispatcher Servlet and use a class called XFireExporter bean and have a url mapping on the MVC side! (XFireExporter implements a spring controller). The CXF migration says I do not need this as the *ServerFactoryBean takes care of this! I am little confused! Any idead where I can map the urls in the MVC to controllers including CXF Webservices as XFire did? Any help will be appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/CXFServlet-%2B-WebServices-%2B-Spring-MVC-tf449826 8.html#a12828806 Sent from the cxf-user mailing list archive at Nabble.com. -- View this message in context: http://www.nabble.com/CXFServlet-%2B-WebServices-%2B-Spring-MVC-tf4498268.html#a12861059 Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF+ACEGI
Hello All, Please refer to this blog. Seems to be one of the most popular blog. Please look at the client code! (Test case). Any ideas? If some one has a complete ACEGI security solution and posts it it will be Awesome! Ray do you mind posting a complete sample. It will be greatly beneficial to everybody. Matt dkulp wrote: Ray, On Monday 17 September 2007, Ray Krueger wrote: The authorization and authentication concerns are addressed at the protocol layer first, and can then be extended into lower levels of the application via AOP and such. So, if you're interested in securing your application at that level, then CXF doesn't even really enter into the discussion. Meaning that you're going to put the Acegi filter out there, and configure it to protect whatever URLs your CXF services are published on. Acegi wouldn't know anything about CXF in that case. This currently works fine if you use the CXFServlet approach and deploy your application as a war into some sort of Servlet container. However, if you do a J2SE standalone mode application, this is quite hard to do right now and is something we should make a bit easier. Currently, you would need to grab the raw Jetty listeners, use the Jetty API's to add the filters, etc (Note: this also applies if you want to secure your decoupled destination for a ws-rm/ws-a interaction) We probably should allow filters to be added via the spring configuration for the destination. That would simplify things quite a bit. From there you can decide in your endpoints how you consider the 'Principal'. You could retrieve it from Acegi without it being part of WS-Security and keep it loose that way. Or you could find some means of integrating Acegi into a WS-Security provider for CXF somehow. This was the interceptor I mentioned before. An interceptor after the WS-Sec interceptors would have access to the stuff decoded from the message. The interceptor could create the principal object and pass that into Acegi. Dan The application I am building will support both plain xml over http and soap over http. So in that case it makes sense for me to place security at the http layer, and avoid relying on something like WS-Security. On 9/17/07, Daniel Kulp [EMAIL PROTECTED] wrote: Interesting you should ask this.I first heard about ACEGI last week in a different conversation and have just started to look into it a bit. I'd LOVE to have your input into this as to what you think is needed or what you would consider good integration. Here are my thoughts so far: (keep in mind, I had never heard of ACEGI till last week so I could be completely off base) 1) If you deploy your app as a war using the spring webapp stuff and setting up to use aop for your service, it should just work. The acegi filter should grab the basic-auth stuff, setup the security context stuff it needs, and when we call invoke on the service, the acegi stuff should grant/deny it. 2) Longer term, we could write an interceptor that grabs the AuthorizationPolicy object and HTTPS/WS-Sec stuff from our message and fills in the acegi contexts with the details.That really wouldn't be a huge amount of work to do. Dan On Thursday 13 September 2007, mattmadhavan wrote: Hello, Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. Some sample app will even be great. I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it does n't seem to be the proper way! Any ideas will be greatly appreciated. Thanks Matt -- J. Daniel Kulp Principal Engineer IONA P: 781-902-8727C: 508-380-7194 [EMAIL PROTECTED] http://www.dankulp.com/blog -- J. Daniel Kulp Principal Engineer IONA P: 781-902-8727C: 508-380-7194 [EMAIL PROTECTED] http://www.dankulp.com/blog -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12758983 Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF+ACEGI + Anybody out there?
Eric, Do you mind posting a complete example. May be we can have a very constructive discussions based on that. Thanks Matt BigEHokie wrote: Dan, What sort of solution are you looking for? We are using an Acegi/Spring/CXF implementation at our company where we are using WS-Security and Acegi for authentication and AOP/Acegi for authorization. We could be interested in contributing. Thanks, Eric On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: And I want somebody to contribute a cleaner solution :-D I know there is a lot of stuff we could do with Spring Security/Acegi that would be super cool. It'd be a real low barrier way to contribute some stuff if anyone is interested. Cheers, - Dan mattmadhavan wrote: Hi Ray, No I do not want the client side to tell the server! Thats my point. Some good blogs I have seen, do that! Where the client 'tells' which handler to use! I want a cleaner ACEGI+ XFIRE solution! Thanks Matt Ray Krueger wrote: You want the client to tell the server how to do security? That sounds crazy :) Your client side should either be doing http based security or ws-security. That doesn't have anything to do with Acegi at that point. On 9/14/07, Zarar Siddiqi [EMAIL PROTECTED] wrote: I'm trying to understand what you're saying but am having difficulty. But here goes: Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. I use Acegi for authorization purposes only. IMHO it doesn't really make sense for authentication (WS-Security can do that). So I use the MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to my service level methods. The Acegi docs can help you there, the only difference I think is that you have to set the authentication token yourself, e.g.: UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( user.getUsername(), user.getPassword(), user.getAuthorities()); // Populate Acegi Security Context SecurityContextHolder.getContext().setAuthentication(token); I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it doesn't seem to be the proper way! You can pass the class name which handles security to the server (crazy thought I think!) using a header element and then parse it using CXF interceptors. Zarar mattmadhavan wrote: Any Help will be appreciated! mattmadhavan wrote: Hello, Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. Some sample app will even be great. I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it does n't seem to be the proper way! Any ideas will be greatly appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 Sent from the cxf-user mailing list archive at Nabble.com. -- Dan Diephouse MuleSource http://mulesource.com | http://netzooid.com/blog -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12759141 Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF+ACEGI + Anybody out there?
Any Help will be appreciated! mattmadhavan wrote: Hello, Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. Some sample app will even be great. I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it does n't seem to be the proper way! Any ideas will be greatly appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12676576 Sent from the cxf-user mailing list archive at Nabble.com.
Re: JAva First/WSDL-Contract First Pros and Cons
Hi James, Thanks for the reply and the link. Very useful. BTW, what is a STP? (Forgive my ignorance!) Thanks Matt James Mao wrote: The javaFirst approach is more productive than the wsdlFirst IMO, you type less but get more, and java code is more readable than the wsdl for a java programmer You're looking for STP project Take a look at the doc http://cwiki.apache.org/confluence/display/CXF20DOC/Java+to+WSDL BTW, the java2wsdl will be replaced by java2ws, which add some extra features James Hello, I am looking into various ways of developing Webservices. For green field development it seems that, Java first is the better way! Any ideas on pros and cons of Java first vs wsdl first? Any documentation and pointers will be appreciated. Also any tool to convert my Java interface/impl to clean WSDL (java2wsdl) in eclipse would be appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/JAva-First-WSDL-Contract-First-Pros-and-Cons-tf4385268.html#a12555830 Sent from the cxf-user mailing list archive at Nabble.com.
Re: JAva First/WSDL-Contract First Pros and Cons
Hi Glen, Great article. Thanks for the reply. I am already using jibx bindings for my couple of projects. I might as well as go all the way! Any ideas on throwing exceptions in Java and converting them to fault code using WSDL/JIBX2WSDL? Thanks again! Matt Glen Mazza-2 wrote: Dennis Sosnoski recommends[1] Java-first *as you are building your WSDL*, but once you have your WSDL, to set your webservice based on that. Glen [1] http://www.infoq.com/articles/sosnoski-code-first Am Donnerstag, den 06.09.2007, 10:30 +0800 schrieb James Mao: The javaFirst approach is more productive than the wsdlFirst IMO, you type less but get more, and java code is more readable than the wsdl for a java programmer You're looking for STP project Take a look at the doc http://cwiki.apache.org/confluence/display/CXF20DOC/Java+to+WSDL BTW, the java2wsdl will be replaced by java2ws, which add some extra features James Hello, I am looking into various ways of developing Webservices. For green field development it seems that, Java first is the better way! Any ideas on pros and cons of Java first vs wsdl first? Any documentation and pointers will be appreciated. Also any tool to convert my Java interface/impl to clean WSDL (java2wsdl) in eclipse would be appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/JAva-First-WSDL-Contract-First-Pros-and-Cons-tf4385268.html#a12531494 Sent from the cxf-user mailing list archive at Nabble.com.
JAva First/WSDL-Contract First Pros and Cons
Hello, I am looking into various ways of developing Webservices. For green field development it seems that, Java first is the better way! Any ideas on pros and cons of Java first vs wsdl first? Any documentation and pointers will be appreciated. Also any tool to convert my Java interface/impl to clean WSDL (java2wsdl) in eclipse would be appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/JAva-First-WSDL-Contract-First-Pros-and-Cons-tf4385268.html#a12501777 Sent from the cxf-user mailing list archive at Nabble.com.
Help in annotating Java beans as paramater to a web service!
Hello, Please bear with me, I am new to CXF. I am doing a Java first development and I have one webservice method called addProductInfo, which takes a paramter, ProductInfo. @WebService(name = ProductInfo, targetNamespace = http://vibes.contentmanagement;) public interface IAddProductInfo extends Serializable { @WebMethod(operationName=addProductInfo, action=urn:addProductInfo) @WebResult(name=return) public Integer addProductInfo(@WebParam(name=productInfo)BaseProduct product); } My BaseProduct class is as follows: public class BaseProduct extends BaseEntity { private String name = ; private String description; private float price; private String keyword = ; private String shortCode; } All the fields are required except, keyword and short code! How do I annotate the webmethod and the individual fields on the BaseProduct class? Can someone point me to right documentations. Thanks Matt -- View this message in context: http://www.nabble.com/Help-in-annotating-Java-beans-as-paramater-to-a-web-service%21-tf4379704.html#a12484583 Sent from the cxf-user mailing list archive at Nabble.com.
CXF and other Spring bean configurations
Hello, I am doing a Java first development for a webservice. My imle class looks like, public class AddProductInfo implements IAddProductInfo { public AddProductInfo () { } /* (non-Javadoc) * @see com.vibes.content.ws.IAddProductInfo#addProductInfo(com.vibes.content.ws.BaseProduct) */ public Integer addProductInfo (BaseProduct product) { _log.info(addProductInfo called...); _log.info(Product Name = + product.getName()); _log.info(Product Description = + product.getDescription()); return new Integer(1); } /* (non-Javadoc) * @see com.vibes.content.ws.IAddProductInfo#addContentProviderInfo(java.lang.Integer, java.lang.Integer, java.lang.Integer, java.lang.String, boolean) */ public Integer addContentProviderInfo (Integer productID, Integer carrierID, Integer contentProvierID, String contentURL, boolean isProductDesc) { _log.info(Product ID = + productID); _log.info(Carrier ID = + carrierID); _log.info(contentProvierID ID = + contentProvierID); return new Integer(10001); } } I would like to make sure this bean (The W.S impl class) is singleton and also I would like to dependency inject DAO classes created via other spring configurations files. Can some one poin t me to right documentations? Thanks Matt -- View this message in context: http://www.nabble.com/CXF-and-other-Spring-bean-configurations-tf4379949.html#a12485392 Sent from the cxf-user mailing list archive at Nabble.com.