Re: How to obtain the Username Token username and password in the endpoint.

Tue, 21 Aug 2012 12:52:22 -0700

There's another CXF user currently working towards using a custom validator to get the password (http://cxf.547215.n5.nabble.com/Urgent-Blank-password-received-on-server-side-password-callback-tp5712743p5712749.html)--you may need to do that to disable the UsernameTokenValidator.
CXF has a "context.get(Header.HEADER_LIST)" -- http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%2Fresponse%3F -- to be able to obtain SOAP headers from within your SEI methods but it does not appear commonly used (googling it doesn't turn up much), reading/manipulating SOAP headers via interceptors (http://www.jroller.com/gmazza/entry/jaxwshandlers_to_cxfinterceptors), JAX-WS Handlers or the JAX-WS Provider interface is probably more common. 

HTH,
Glen

On 08/21/2012 03:11 PM, Rudy Meyer wrote:

Hello,

I am using CXF 2.6.1.  I have a case where I need the username/password
passed in the security header for further processing in my service endpoint
and I am not sure how to accomplish this.  I have this annotation on my
service:
@org.apache.cxf.interceptor.InInterceptors (interceptors =
{"com.base.WSSecurityInterceptor" })

In that interceptor.handleMessage() I have this code:

Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler());

WSS4JInInterceptor wss4jInHandler = new WSS4JInInterceptor(inProps);
ValidateUserTokenInterceptor userTokenInterceptor = new
ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);

message.getInterceptorChain().add(wss4jInHandler);
message.getInterceptorChain().add(new SAAJInInterceptor());
message.getInterceptorChain().add(userTokenInterceptor);

I do not want the PasswordHandler() to set a password and I do not want the
built-in UsernameTokenValidator to validate the password.  I have read
Colm's blog
http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
Custom token validation in Apache CXF 2.4  but I don't understand where
these settings go and how to implement this.  What I need is access to the
username and password passed in the message within my serviceimpl method.

I could use help to get through this learning curve.

Thank you.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917.html
Sent from the cxf-user mailing list archive at Nabble.com.
























					Reply via email to