The main problem is that the jsr181 component has not been designed to receive soap envelopes. The soap protocol should be handled by the BC. The main reason is that from a JBI point of view, soap is considered as a protocol, and all protocols should be handled by BCs.
ServiceMix uses JACC for authentication and while we do not have any LDAP login module, it should be easy to adapt the Geronimo ones on ServiceMix. Seguy wrote: > > Hello, > I wasn't aware that someone was working in this issue. > I have done a slight modification of the Jsr181Endpoint( not http > endpoint)... > only a new attribute to be able of manage a list of security handlers and > then > the descriptor looks like the following code (inside >>> <<<). > Seems that works ok to manage a user token, but I haven't test yet the > encryption > and signature of the envelope. > > With this approximation you can sign and encrypt the envelope with your > response, > not only decrypt and verify the request envelope. > In this way you also can write your customized handler for the user token, > say for example writing your own code to validate the user against a ldap > server. > > What you think of this way to achieve WSS4J support ? > >>>> > <jsr181:endpoint > pojoClass="org.codehaus.xfire.demo.BookService" annotations="none" > service="demo:simple-service" > endpoint="simple-service"> > > <jsr181:inHandlers> > <secure:handler > handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" /> > <bean > class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns=""> > <property name="properties"> > <props> > <prop key="action">UsernameToken</prop> > <prop > key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop> > </props> > </property> > </bean> > <secure:handler > handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" /> > </jsr181:inHandlers> > > </jsr181:endpoint> > </beans> > <<< > > -- View this message in context: http://www.nabble.com/about-security-question-tf2478893.html#a6950593 Sent from the ServiceMix - User mailing list archive at Nabble.com.
