如何使用 ws-security 访问 cxf-se 中的用户名原理?

发布于 2024-09-07 09:53:46 字数 338 浏览 10 评论 0原文

我终于让 Ws-Security 与 CXF-BC 和 CXF-BC 一起工作了。 CXF-SE组合。我现在尝试从SE中的soap标头访问用户名,以检查调用操作的用户的权限和所有权,但似乎没有办法做到这一点。我知道一旦消息从 BC 传递到 SE,它只需要 SOAP 主体并包装在 JBI 消息中。无论如何,是否可以将肥皂头填充到 JBI 消息中,或者让 BC 在收到后真正转发 SOAP 消息。我尝试禁用 BC 和 SE 上的 JBIwrapper,虽然它以 SOAP 形式发送消息,但它只发送原始 msg san 标头的正文。

我不知道为什么在 BC/SE 上做到这一点如此困难和复杂,因为使用 JAXWS 相对容易做到。

谢谢

I finally got the Ws-Security working with CXF-BC & CXF-SE combination. I'm now trying to access the username from the soap header in the SE to check permission and ownership of the user calling a operation, but there seems to be no way of doing that. I know that once a message get passed from the BC to the SE, it just takes the SOAP body and wraps in a JBI msg. Is there anyway to stuff the soap header in the JBI msg or, have the BC truly forward the SOAP msg as it has received it. I've tried to disable the JBIwrapper on the BC and SE, while it sends the message as SOAP it only sends the body of the original msg san header.

I'm not sure why this is so hard and complex to do this on the BC/SE, since it was relatively easy to do with JAXWS.

Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

眼眸里的快感 2024-09-14 09:53:46

这个答案来自 Servicemix 用户邮件列表中的 Freeman。

基本上,您必须在 BC 的拦截器上设置 JBI 属性,然后您可以在 SE 上访问它。

前任。 ininterceptor

public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {

public SaveSubjectInterceptor() {
    super(Phase.PRE_INVOKE);
}

public void handleMessage(Message message) throws Fault {
    List<Object> results = (List<Object>) message.get(WSHandlerConstants.RECV_RESULTS);
    if (results == null) {
        return;
    }

    for (Iterator iter = results.iterator(); iter.hasNext();) {
        WSHandlerResult hr = (WSHandlerResult) iter.next();
        if (hr == null || hr.getResults() == null) {
            return;
        }
        boolean authenticated = false;

        for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
            WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
            Object wstockPrincipal = er.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (er != null && wstockPrincipal instanceof WSUsernameTokenPrincipal) {
                WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal) wstockPrincipal;
                NormalizedMessage nm = (NormalizedMessage) message.getContent(NormalizedMessage.class);
                nm.setProperty("Username", p.getName());
                break;
            }
        }
    }
}

} 

ex of SE pojo

@Resource 
private WebServiceContext wsContext; 

...
...
javax.xml.ws.handler.MessageContext ctx = wsContext.getMessageContext(); 
org.apache.cxf.message.Message message = ((org.apache.cxf.jaxws.context.WrappedMessageContext) ctx).getWrappedMessage(); 
String username = (String) message.get("Username"); 

我希望这对其他人有帮助。
我有一个完整的示例 这里 ws-安全策略,但它是只在那里停留有限的时间。

This answer came from Freeman over at the Servicemix-user mailing-list.

Basically you have to set a JBI property on a BC's ininterceptor, and then you can access it over on the SE.

ex. ininterceptor

public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {

public SaveSubjectInterceptor() {
    super(Phase.PRE_INVOKE);
}

public void handleMessage(Message message) throws Fault {
    List<Object> results = (List<Object>) message.get(WSHandlerConstants.RECV_RESULTS);
    if (results == null) {
        return;
    }

    for (Iterator iter = results.iterator(); iter.hasNext();) {
        WSHandlerResult hr = (WSHandlerResult) iter.next();
        if (hr == null || hr.getResults() == null) {
            return;
        }
        boolean authenticated = false;

        for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
            WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
            Object wstockPrincipal = er.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (er != null && wstockPrincipal instanceof WSUsernameTokenPrincipal) {
                WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal) wstockPrincipal;
                NormalizedMessage nm = (NormalizedMessage) message.getContent(NormalizedMessage.class);
                nm.setProperty("Username", p.getName());
                break;
            }
        }
    }
}

} 

ex of SE pojo

@Resource 
private WebServiceContext wsContext; 

...
...
javax.xml.ws.handler.MessageContext ctx = wsContext.getMessageContext(); 
org.apache.cxf.message.Message message = ((org.apache.cxf.jaxws.context.WrappedMessageContext) ctx).getWrappedMessage(); 
String username = (String) message.get("Username"); 

I hope this helps someone else.
I have a full example here w/ ws-security policy, but it is only there for a limited amount of time.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文