Hi CXF users,

I want to implement a CXF webservice that validates a Kerberos token with plain WS-Security (not Policy) from the client.

I found the following article, but it is done with WS-SecurityPolicy:
http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html

However, I was able to adapt some things from it. I have a "kerberos.jaas" file that is passed to the webservice (Spring-Boot) as "java.security.auth.login.config" and has the following content:

    myContext {
        com.sun.security.auth.module.Krb5LoginModule required
        refreshKrb5Config=true
        useKeyTab=true
        storeKey=true
        keyTab="path\to\keytab\file.keytab"
        principal="HTTP/myService@Realm";
    };

In the Spring configuration I have this Bean:

    @Bean
    public KerberosTokenValidator kerberosTokenValidator() {
        KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("myContext");
        validator.setServiceName("myService");
        return validator;
    }

And the webservice endpoint is configured with the validator and the JAAS context name:

    factory.getProperties().put(SecurityConstants.BST_TOKEN_VALIDATOR, kerberosTokenValidator);
    factory.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME, " myContext ");

All this has of course no effect at all because there is no WSS4J In-Interceptor that triggers the WS-Security processing.

    @Bean
    public WSS4JInInterceptor wss4JInInterceptor() {
        Map<String, Object> properties = new HashMap<>();
        properties.put(WSHandlerConstants.ACTION, >>> ??? <<<);
        return new WSS4JInInterceptor(properties);
    }

But I did not find what WSS4J action is needed to configure the Kerberos validation. The action "KERBEROS_TOKEN" seems to add a token, so it is the opposite of what I want.

Thanks for any help
Stephan
