Do you need HTTP-basic or UsernameToken authentication via SOAP Header?
1. For HTTP basic authentication you don't need any special configuration on
the service side, just get your username/password:
@Resource
WebServiceContext webServiceContext;
AuthorizationPolicy policy = (AuthorizationPolicy)
webServiceContext.getMessageContext().get(AuthorizationPolicy.class.getName());
String username = policy.getUserName();
String password = policy.getPassword();
2. For UsernameToken authentication via SOAP Header I see the following
possibilities:
a) Do not use CXF WSS4J stuff at all and obtain required values from SOAP
Header manually:
@Resource
WebServiceContext webServiceContext;
List<Header> list =
(List<Header>)webServiceContext.getMessageContext().get("org.apache.cxf.headers.Header.list");
for (Header key : list) {
// Get UsernameToken header values here
System.out.println(key.getName() + " - " + key.getObject());
}
b) You can try to configure UsernameTokenInterceptor instead WSS4InInterceptor.
It bypasses the full WSS4J handling and processes the header directly.
UsernameTokenInterceptor is also dependent on WSS4J, but MAY BE it works also
with older versions.
Regards,
Andrei.
-----Original Message-----
From: shadowlaw [mailto:[email protected]]
Sent: Mittwoch, 17. Oktober 2012 10:03
To: [email protected]
Subject: Re: CXF- WSS4J
I will ask in the Jonas forum, but the version we are using is pretty old so
I'm not sure if there is such a option. Is there another way to to use the
basic authentification without WSS4J in cxf or I have to use spring security or
other framework?
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-WSS4J-tp5716752p5716800.html
Sent from the cxf-user mailing list archive at Nabble.com.
