Re: Camel-Spring-Security with CXF Web Service does not receive Authentication header

Sun, 26 Aug 2012 19:06:28 -0700 

On Monday, August 27, 2012 at 12:28 AM, dm...@gmx.de wrote:
> Hello again,
>  
> as before: I'm using Camel 2.10.0 (Java 1.6), and I'm having two issues with 
> the Camel-Spring-Security component.  
>  
> The first one should be an easy one. It seems like the following dependency 
> is missing when adding camel-spring-security to the pom:
>  
> <dependency>
> <groupId>org.springframework.security</groupId>
> <artifactId>spring-security-web</artifactId>
> <version>3.1.0.RELEASE</version>
> </dependency>
>  
> Without this dependency, server startup shows the error message 
> java.lang.ClassNotFoundException: 
> org.springframework.security.web.FilterChainProxy 
> (http://web.FilterChainProxy)
Thanks for reporting this, but camel-spring-security don't have the dependency 
on the spring web, and we can use it without help of spring web, so we don't 
need to add the dependency on the pom.  

When you use it with spring web, you need to add the dependency on your 
application pom.
>  
> My second issue is a little bit more complicated. I'm using a web service as 
> entry point into my route:
>  
> @WebService
> public interface MyService {
> String getInformation(String id);
> }
>  
> The route is configured with Spring Security (policy ref elements). Now take 
> a simple JUnit test and add the subject:
>  
> Subject subject = new Subject();
> subject.getPrincipals().add(new UsernamePasswordAuthenticationToken("test", 
> "test"));
> Processor processor = new Processor() {
> @Override
> public void process(Exchange exchange) throws Exception {
> exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
>  
> This does not work, checking for the CamelAuthentication header in the route 
> shows that this value is null. However, it is not null when I'm e.g. using a 
> direct: route instead of the web service as entry point. With direct, spring 
> security checks are working fine. But not with a CXF endpoint. What's wrong 
> here?
Current CXF doesn't send the Exchange properties across the endpoint,you need 
to build up the subject with help of WS-Security, and direct endpoint just copy 
exchange across the endpoint.
>  
> Thanks. Dominik

--  
Willem Jiang



FuseSource
Web: http://www.fusesource.com (http://www.fusesource.com/)
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) 
(English)
http://jnn.javaeye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang  

Weibo: willemjiang

Reply via email to