Any webservice exported using blueprint is accessible from remote. You will only not see it as a rsa remote service.
What I meant is. Can you export your service using rsa but without an Export policy if you add the interceptor as a service property? I am not sure if this kind of interceptors work with the current cxf dosgi versions. In general the recommended practice for securing services is using a CXF feature and refer to it as an intent. For example the new CXF logging feature registers itself as an intent. https://github.com/apache/cxf/blob/master/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/osgi/Activator.java#L89-L90 The rest example readme shows how to add such an intent to your service: https://github.com/apache/cxf-dosgi/blob/59e432afabb2a8f6a812b2a8f12cda68f4bfa775/samples/rest/README.md#add-logging-intent (Basically you simply add a service property "service.exported.intents" with your intent name as value). This way you could create a feature that adds the security interceptors and export it with intent name "mysecurity" and then add the service property above to all services that should be secured. The ExportPolicy is only needed if you want to add this property transparently to your services without touching them. Christian Am Fr., 26. Okt. 2018 um 12:27 Uhr schrieb Niehues, Christian < christian.nieh...@its-digital.de>: > It works if I define the service as CXF endpoint in blueprint. But if I > set it there it is not published as RSA endpoint and so it seems it's not > accessible from remote. > > > Christian > > > ------------------------------ > *Von:* Christian Schneider <ch...@die-schneider.net> > *Gesendet:* Donnerstag, 25. Oktober 2018 17:24:40 > *An:* user@aries.apache.org > *Betreff:* Re: Aries RSA: securing exported services with ExportPolicy > > Does it work if you set the interceptor directly on the service? > > Christian > > Am Do., 25. Okt. 2018 um 08:57 Uhr schrieb Niehues, Christian < > christian.nieh...@its-digital.de>: > >> Hi, >> >> >> I try to export a service in my karaf to be able to process SOAP messages >> sent from remote client but I am facing problems to secure it. The >> documentation for Aries RSA about the TopologyManager notes that >> ExportPolicy implementations can be used to add authentication but I am >> missing further details. >> >> >> I tried to achieve it by adding an interceptor in my ExportPolicy but >> that seems not to help: >> >> >> props.put("service.exported.configs", "org.apache.cxf.ws"); >> props.put("org.apache.cxf.ws.address", "http://192.168.1.100:9000/sync";); >> props.put("org.apache.cxf.ws.in.interceptors", "com.acme.MyInterceptor"); >> >> com.acme.Myinterceptor extends >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor >> >> I also tried to provide the Interceptor classname as List<String> or >> String[] but that didn't work either, the interceptor never get's invoked >> when sending messages. >> >> So what I am doing wrong or is there any other/better way to secure a >> service provided by Aries RSA? >> >> Thanks, >> >> Christian >> >> > > -- > -- > Christian Schneider > http://www.liquid-reality.de > > Computer Scientist > http://www.adobe.com > > -- -- Christian Schneider http://www.liquid-reality.de Computer Scientist http://www.adobe.com
