Hi,

I think you can take a look at [1] as an example.

[1]https://svn.apache.org/repos/asf/servicemix/components/trunk/bindings/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java

Freeman
On 2011-07-19, at 6:35 AM, Jaime Hablutzel Egoavil wrote:

Or at least, could someone tell me how to add a custom interceptor that runs after the WSS4J interceptor, so that it can access the signing certificate of a WS-Security-signed SOAP message?

On Mon, Jul 18, 2011 at 1:30 PM, Jaime Hablutzel Egoavil <
hablutz...@gmail.com> wrote:

Hi I have a web service exposed with cxf with this wsdl:

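<?xml version='1.0' encoding='UTF-8'?>
<!-- WSDL as posted to the list. Mail-archive artifacts (line breaks inside
     attribute values and a stray ";" after every URL, which made the document
     non-well-formed) have been removed; the policy content itself is unchanged.
     Reviewer notes are marked NOTE(review). -->
<wsdl:definitions name="CXFLibraryImplService"
                  targetNamespace="http://service2.ws.service.kprtech.com/"
                  xmlns:ns1="http://cxf.apache.org/bindings/xformat"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:tns="http://service2.ws.service.kprtech.com/"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <wsdl:types>
    <!-- Namespace redeclarations below are redundant (already on the root)
         but harmless; kept as generated. -->
    <xs:schema elementFormDefault="unqualified"
               targetNamespace="http://service2.ws.service.kprtech.com/"
               version="1.0"
               xmlns:ns1="http://cxf.apache.org/bindings/xformat"
               xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
               xmlns:tns="http://service2.ws.service.kprtech.com/"
               xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
               xmlns:xs="http://www.w3.org/2001/XMLSchema"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <xs:element name="sayHello" type="tns:sayHello"/>
      <xs:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
      <xs:complexType name="sayHello">
        <xs:sequence>
          <xs:element minOccurs="0" name="arg0" type="xs:string"/>
        </xs:sequence>
      </xs:complexType>
      <xs:complexType name="sayHelloResponse">
        <xs:sequence>
          <xs:element minOccurs="0" name="return" type="xs:string"/>
        </xs:sequence>
      </xs:complexType>
    </xs:schema>
  </wsdl:types>
  <wsdl:message name="sayHello">
    <wsdl:part element="tns:sayHello" name="parameters"/>
  </wsdl:message>
  <wsdl:message name="sayHelloResponse">
    <wsdl:part element="tns:sayHelloResponse" name="parameters"/>
  </wsdl:message>
  <wsdl:portType name="Library">
    <wsdl:operation name="sayHello">
      <wsdl:input message="tns:sayHello" name="sayHello"/>
      <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="CXFLibraryImplServiceSoapBinding" type="tns:Library">
    <!-- The whole binding is governed by the #SignEncr policy defined at the
         bottom of this document. -->
    <wsp:PolicyReference URI="#SignEncr"
                         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="sayHello">
      <soap:operation soapAction="" style="document"/>
      <wsdl:input name="sayHello">
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output name="sayHelloResponse">
        <soap:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="CXFLibraryImplService">
    <wsdl:port binding="tns:CXFLibraryImplServiceSoapBinding" name="CXFLibraryImplPort">
      <!-- NOTE(review): plain http endpoint. The policy below only declares
           SignedParts (no EncryptedParts), so the request body is signed but
           travels in clear text unless TLS is added at deployment time. -->
      <soap:address location="http://localhost:8888/domicilios/services/service2"/>
    </wsdl:port>
  </wsdl:service>
  <!-- NOTE(review): the policy id says "SignEncr", but only <sp:SignedParts> is
       asserted -- nothing is encrypted. Add
       <sp:EncryptedParts><sp:Body/></sp:EncryptedParts> (or transport security)
       if confidentiality is expected. -->
  <wsp:Policy wsu:Id="SignEncr"
              xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <!-- Client signs with its own X.509 cert, sent in every request
                 (AlwaysToRecipient); this is the certificate the poster wants
                 to read in a custom interceptor. -->
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                    <!-- NOTE(review): an X.509 v1 token is asserted for the
                         client. v1 certificates carry no extensions (no
                         BasicConstraints / KeyUsage), so if the default
                         cert-path validation is replaced by a database lookup,
                         that lookup is the only thing distinguishing a trusted
                         end-entity cert from any other key. Confirm clients
                         really present v1 certs; v3 is the norm. -->
                    <sp:WssX509V1Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorToken>
            <!-- Server cert is never sent in the message (Never); the client is
                 expected to already hold it. -->
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <!-- NOTE(review): TripleDesRsa15 = 3DES for symmetric encryption and
                 RSA PKCS#1 v1.5 key transport. RSA v1.5 key transport is the
                 construction exposed to Bleichenbacher-style padding-oracle
                 attacks and 3DES is a 64-bit-block cipher; the usual
                 recommendation is a suite based on AES and RSA-OAEP
                 (e.g. Basic128Sha256 / Basic256Sha256). Check that every peer
                 supports the replacement before changing it. -->
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDesRsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <!-- NOTE(review): a Timestamp is required, but SignedParts below
                 lists only the Body. WS-SecurityPolicy expects the Timestamp to
                 be covered by the message signature; verify the WSS4J
                 configuration actually signs it, otherwise the timestamp gives
                 no replay protection. -->
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <!-- NOTE(review): this assertion uses the WS-SecurityPolicy 1.1
             namespace (2005/07) while everything else in the policy uses 1.2
             (ws-sx/200702). A 1.2 policy engine may not recognise it; consider
             moving it to the 200702 namespace as well. -->
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
          </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>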


And I want to be able to get the certificate in a custom interceptor so that I can pass it to the Spring Security session context.
Another thing I want is to override CXF's default behaviour of validating the certificate path, because I want to do that myself: the certificates aren't in a .jks keystore but in a database.
(Whatever replaces the default validation still has to anchor the signer's certificate to a trusted issuer and check its validity period and revocation status; a signature check alone only proves possession of some private key, not who the caller is.)

I have read that I need a second interceptor, but how do I register it so that it runs after the WSS4J interceptor (i.e. give it lower precedence / a later phase)?

Thanks.



--
Jaime Hablutzel - 9-9956-3299

(tildes omitidas intencionalmente)




--
Jaime Hablutzel - 9-9956-3299

(tildes omitidas intencionalmente)

---------------------------------------------
Freeman Fang

FuseSource
Email:ff...@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com








