You can read more about CXF security configuration at Apache CXF Documentation > Index > WS-* Support > WS-Security
I implemented WS-Security by extending WSS4JInInterceptor and injecting an AuthenticationManager into it.
CompanyWSS4JInInterceptor
This is the first part.
package com.company.auth.service;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.util.Assert;
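/**
 * CXF inbound interceptor that runs WSS4J processing and then hands every
 * UsernameToken found in the request to a Spring Security
 * {@link AuthenticationProvider}.
 *
 * <p>The provider call is the credential check for this pipeline: a token the
 * provider rejects, returns {@code null} for, or leaves unauthenticated results
 * in a {@link Fault}, so the request never reaches the service endpoint with an
 * unverified caller in the security context.
 *
 * <p>NOTE(review): the authenticated {@code Authentication} is placed in the
 * {@link SecurityContextHolder} and is never cleared by this class; on a pooled
 * worker thread it can outlive the request unless an outbound or fault
 * interceptor clears the context — confirm that one is configured.
 */
public class CompanyWSS4JInInterceptor extends WSS4JInInterceptor implements InitializingBean {

    private static final Logger LOG = Logger.getLogger(CompanyWSS4JInInterceptor.class.getName());

    AuthenticationProvider authenticationProvider;

    public CompanyWSS4JInInterceptor() {
        super();
    }

    public CompanyWSS4JInInterceptor(final Map<String, Object> properties) {
        super(properties);
    }

    public void setAuthenticationProvider(final AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }

    /**
     * Runs WSS4J processing on the message, then authenticates each
     * UsernameToken result against the configured provider.
     *
     * @param message the inbound SOAP message
     * @throws Fault if WSS4J processing fails, or if a UsernameToken is rejected
     *         or not authenticated by the provider
     */
    @Override
    @SuppressWarnings("unchecked")
    public void handleMessage(final SoapMessage message) throws Fault {
        try {
            super.handleMessage(message);
            // WSS4J stores its results on the message as a raw Vector (1.5.x API),
            // hence the unchecked casts in this method.
            final Vector<WSHandlerResult> results = (Vector<WSHandlerResult>) message
                    .getContextualProperty(WSHandlerConstants.RECV_RESULTS);
            if (results == null || results.isEmpty()) {
                return;
            }
            for (final WSHandlerResult handlerResult : results) {
                for (final WSSecurityEngineResult engineResult
                        : (Vector<WSSecurityEngineResult>) handlerResult.getResults()) {
                    final int action = (Integer) engineResult.get(WSSecurityEngineResult.TAG_ACTION);
                    // Only UsernameToken results carry credentials for Spring Security.
                    if ((action & WSConstants.UT) > 0) {
                        authenticateUsernameToken(engineResult);
                    }
                }
            }
        } catch (final RuntimeException ex) {
            // Includes AuthenticationException from the provider and the Fault
            // raised below; logged here so the failure is visible server-side.
            LOG.log(Level.WARNING, "WS-Security processing failed", ex);
            throw ex;
        }
    }

    /**
     * Builds a Spring Security token from a WSS4J UsernameToken result,
     * authenticates it with the provider and publishes the result to the
     * {@link SecurityContextHolder}.
     *
     * @param engineResult a WSS4J result whose action includes {@code WSConstants.UT}
     * @throws Fault if the result carries no principal, or if the provider returns
     *         {@code null} or an unauthenticated token
     */
    private void authenticateUsernameToken(final WSSecurityEngineResult engineResult) {
        final WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) engineResult
                .get(WSSecurityEngineResult.TAG_PRINCIPAL);
        if (principal == null) {
            throw new Fault(new SecurityException("UsernameToken result carries no principal"));
        }
        // No password element in the token: substitute an empty string so the
        // provider still receives a usable token; accepting it is the provider's call.
        if (principal.getPassword() == null) {
            principal.setPassword("");
        }
        final Authentication request = new UsernamePasswordAuthenticationToken(
                principal.getName(), principal.getPassword());
        final Authentication result = authenticationProvider.authenticate(request);
        // A provider may return null when it does not support the token, or a
        // token flagged unauthenticated; neither may be published as the caller.
        if (result == null || !result.isAuthenticated()) {
            throw new Fault(new SecurityException(
                    "Authentication failed for user " + principal.getName()));
        }
        SecurityContextHolder.getContext().setAuthentication(result);
    }

    /**
     * Validates the wiring once Spring has set all properties.
     *
     * @throws Exception (IllegalArgumentException) if the provider or the
     *         interceptor properties are missing
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(authenticationProvider, "Authentication provider must be set");
        Assert.notNull(getProperties(), "Interceptor properties must be set, even if empty");
    }
}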
ServerPasswordCallback
package com.company.auth.service;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
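/**
 * WSS4J password callback for the server side.
 *
 * <p>This handler performs no credential check of its own: for each
 * {@link WSPasswordCallback} it echoes the password WSS4J supplied back into
 * the callback, so WSS4J's own UsernameToken check passes for any plaintext
 * value. The real check therefore has to happen downstream, in the interceptor
 * that passes the token to an AuthenticationProvider.
 *
 * <p>NOTE(review): when WSS4J needs this handler to supply the stored password
 * (e.g. a digest token), {@code getPassword()} is presumably {@code null} here,
 * so such tokens would be rejected — confirm against the WSS4J version in use.
 */
public class ServerPasswordCallback implements CallbackHandler {

    /**
     * Echoes the supplied password for every {@link WSPasswordCallback}.
     *
     * @param callbacks callbacks handed over by WSS4J; may be empty or {@code null}
     * @throws UnsupportedCallbackException if a callback is not a
     *         {@link WSPasswordCallback}, as the {@link CallbackHandler} contract
     *         requires (the original blind cast threw ClassCastException instead)
     * @throws IOException never thrown here; declared by the interface
     */
    @Override
    public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        if (callbacks == null) {
            return;
        }
        for (final Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            final WSPasswordCallback pc = (WSPasswordCallback) callback;
            pc.setPassword(pc.getPassword());
        }
    }
}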