You can read more about CXF security configuration at Apache CXF Documentation > Index > WS-* Support > WS-Security
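I implemented WS-Security by extending WSS4JInInterceptor and injecting an AuthenticationManager into it. (In the listing below, the injected collaborator is declared as Spring Security's AuthenticationProvider.)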
CompanyWSS4JInInterceptor
This is the first part.
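package com.company.auth.service;

import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.util.Assert;

/**
 * Inbound CXF interceptor that runs the standard WSS4J processing and then authenticates the
 * credentials of every WS-Security UsernameToken against a Spring Security
 * {@link AuthenticationProvider}.
 *
 * <p>On success the resulting {@link Authentication} is stored in the current
 * {@code SecurityContext}. On failure the request is rejected with a {@link Fault}; an
 * unauthenticated token is never placed in the context.
 *
 * <p>NOTE(review): a message that yields no UsernameToken result passes through this class
 * without any authentication being set. Requiring the token is presumably left to the WSS4J
 * action configuration passed in the interceptor properties; confirm that it lists the
 * UsernameToken action.
 *
 * <p>NOTE(review): nothing in this class clears the {@code SecurityContext} once the request has
 * been served. Confirm that another component does so, otherwise an authentication may remain
 * attached to a pooled worker thread.
 */
public class CompanyWSS4JInInterceptor extends WSS4JInInterceptor implements InitializingBean {

    private static final Logger LOGGER =
            Logger.getLogger(CompanyWSS4JInInterceptor.class.getName());

    // Verifies the username/password pair taken from the UsernameToken; set by injection.
    AuthenticationProvider authenticationProvider;

    /** Creates the interceptor with the default WSS4J properties. */
    public CompanyWSS4JInInterceptor() {
        super();
    }

    /**
     * Creates the interceptor with the given WSS4J properties.
     *
     * @param properties WSS4J configuration passed straight to the parent interceptor
     */
    public CompanyWSS4JInInterceptor(final Map<String, Object> properties) {
        super(properties);
    }

    /**
     * Sets the provider used to verify UsernameToken credentials.
     *
     * @param authenticationProvider the provider; must not be null (checked in
     *        {@link #afterPropertiesSet()})
     */
    public void setAuthenticationProvider(final AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }

    /**
     * Runs the parent WSS4J processing, then authenticates each UsernameToken found in the
     * security results.
     *
     * @param message the inbound SOAP message
     * @throws Fault if WSS4J processing fails or a UsernameToken cannot be authenticated
     */
    @Override
    @SuppressWarnings("unchecked")
    public void handleMessage(final SoapMessage message) throws Fault {
        try {
            super.handleMessage(message);

            final Vector<WSHandlerResult> handlerResults = (Vector<WSHandlerResult>) message
                    .getContextualProperty(WSHandlerConstants.RECV_RESULTS);
            if (handlerResults == null || handlerResults.isEmpty()) {
                // No security results at all: nothing to authenticate here (see class note).
                return;
            }

            for (final WSHandlerResult handlerResult : handlerResults) {
                for (final WSSecurityEngineResult securityResult
                        : (Vector<WSSecurityEngineResult>) handlerResult.getResults()) {
                    final int action =
                            (Integer) securityResult.get(WSSecurityEngineResult.TAG_ACTION);
                    // Only results produced by a UsernameToken carry credentials to verify.
                    if ((action & WSConstants.UT) != 0) {
                        authenticateUsernameToken(
                                securityResult.get(WSSecurityEngineResult.TAG_PRINCIPAL));
                    }
                }
            }
        } catch (final RuntimeException ex) {
            // Record the failure through the logging framework (not stderr) so it reaches the
            // application's log pipeline, then let CXF turn it into a SOAP fault.
            LOGGER.log(Level.WARNING, "WS-Security processing or authentication failed", ex);
            throw ex;
        }
    }

    /**
     * Authenticates one UsernameToken principal and publishes the result to the
     * {@code SecurityContext}; fails closed on anything but a positively authenticated result.
     */
    private void authenticateUsernameToken(final Object candidate) {
        if (!(candidate instanceof WSUsernameTokenPrincipal)) {
            throw new Fault(new SecurityException(
                    "UsernameToken result does not carry a username token principal"));
        }
        final WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) candidate;

        // A token without a password is authenticated with an empty one rather than null.
        if (principal.getPassword() == null) {
            principal.setPassword("");
        }

        final Authentication request = new UsernamePasswordAuthenticationToken(
                principal.getName(), principal.getPassword());
        final Authentication verified = authenticationProvider.authenticate(request);

        // authenticate() may return null when the provider does not handle this token type;
        // treat that, and any result not marked authenticated, as a rejected login.
        if (verified == null || !verified.isAuthenticated()) {
            throw new Fault(new SecurityException("UsernameToken authentication failed"));
        }

        SecurityContextHolder.getContext().setAuthentication(verified);
    }

    /**
     * Verifies that the required collaborators were injected.
     *
     * @throws Exception if the authentication provider or the interceptor properties are missing
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(authenticationProvider, "Authentication provider must be set");
        Assert.notNull(getProperties(), "Interceptor properties must be set, even if empty");
    }
}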
ServerPasswordCallback
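package com.company.auth.service;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Password callback handler that leaves the password carried by each
 * {@link WSPasswordCallback} as it is.
 *
 * <p>This handler performs no credential verification of its own: it writes back the password
 * the callback already holds. Any real check therefore has to happen elsewhere.
 *
 * <p>NOTE(review): presumably intended for plaintext UsernameTokens whose password is verified
 * later by an authenticating interceptor. Confirm that it is never wired into an endpoint
 * without such a check, and that digest passwords are not expected (this handler has no stored
 * password to supply for them).
 */
public class ServerPasswordCallback implements CallbackHandler {

    /**
     * Handles every callback in the array, accepting only {@link WSPasswordCallback}.
     *
     * @param callbacks the callbacks to process
     * @throws IOException declared by the {@link CallbackHandler} contract; not thrown here
     * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
     */
    @Override
    public void handle(final Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (final Callback callback : callbacks) {
            // Reject unknown callback types explicitly instead of failing on a blind cast.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(
                        callback, "Only WSPasswordCallback is supported");
            }
            final WSPasswordCallback pc = (WSPasswordCallback) callback;
            // Keeps the supplied password unchanged; no comparison against a stored secret.
            pc.setPassword(pc.getPassword());
        }
    }
}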