Re: Interceptors for WS security

Tue, 12 Mar 2013 10:34:29 -0700

Adam, I think you made the unfortunate decision of starting with code-first, calculating that it would be 20% simpler than WSDL-first, but because virtually no examples handle security from a Java-first perspective you're having several headaches downstream. There goes your 20% (and then some). :(
I'd recommend switching to WSDL-first[1] so you'll have the benefit of lots of examples to leverage for your own work. You most likely wouldn't be using the antiquated WSS4JOutInterceptor if you were doing WSDL-first, instead you can just rely on WS-SecurityPolicy statements in your WSDL instead. But, in the interim, hopefully someone else can provide you an answer for your question below. 

Glen

[1] http://www.jroller.com/gmazza/entry/web_service_tutorial

On 03/11/2013 11:16 PM, adamcchang wrote:

Thank you guys for the help.  However I am having this issue when I tried to
add WSS4JOutInterceptor to my WS client.  I followed the example in Mazza's
blog.

Exception in thread "main" java.lang.ClassCastException:
com.sun.xml.internal.ws.client.sei.SEIStub cannot be cast to
org.apache.cxf.frontend.ClientProxy


        Map ctx = ((BindingProvider)uciRoleServiceSOAP).getRequestContext();
        ctx.put("ws-security.username", "joe");
        ctx.put("ws-security.callback-handler",
ClientPasswordCallback.class.getName());
        // instead of above line can also do:
        // ctx.put("ws-security.password", "joespassword");

        
     // Alternative CXF interceptor config method
        org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(uciRoleServiceSOAP);  <====
this is where the error happens
     org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
     Map outProps = new HashMap();
     outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
     outProps.put(WSHandlerConstants.USER, "joe");
     outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
     outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
     WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
     cxfEndpoint.getOutInterceptors().add(wssOut);


I have my client code (UciRoleServiceSOAP_Service uciRoleServiceSOAP_Service
) generated by wsdl2java.  Could anybody help me on how to get the cxfclient
from a wsdl2java code please?  Thanks a lot.

Regards,

~Adam







--
View this message in context: 
http://cxf.547215.n5.nabble.com/Interceptors-for-WS-security-tp5722285p5724423.html
Sent from the cxf-user mailing list archive at Nabble.com.
























					Reply via email to