Actually we have testcases domenstrating how each scenario works
cxf bc consumer with ws-security testcase[4]
cxf bc provider with ws-security testcase[5]
cxf bc consumer with https testcase[6]
cxf bc provider with https testcase[7]
However, instead of using WS-Security or HTTPS, one straightforward way is use HTTP Basic Authentication. For cxfbc provider endpoint which play a role as a client, to enaable HTTP Basic Auth, customer need specify a busCfg which configure http:conduit, something like
<http:conduit name="{your_name_space}your_endpoint_name.http-conduit"> <http:authorization> <sec:username>Betty</sec:username> <sec:password>password</sec:password> </http:authorization> </http:conduit>
For cxfbc consumer which play a role as a server, to enable server side HTTP Basic Auth, we need an interceptor to do it, the basic idea is extract AuthorizationPolicy from the incoming message and compare the username/password, but it's not so complicated, here is a good article[8] to show how to do it.
Another way(as Dan Kulp pointed out) to configure server side basic auth is configure the jetty instance to handle the authentication, as Jetty has a "SecurityHandler" that can be configured into the handlers via CXF config. The SecurityHandler takes an Authenticator(they have a BasicAuthenticator) and a UserRealm Object (they have one for basic HashMap lookup things as well as a JDBC version)
[1]http://servicemix.apache.org/servicemix-cxf-bc.html
[2]http://servicemix.apache.org/home.html
[3]http://fusesource.com/
[4]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBCSecurityTest.java
[5]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcProviderSecurityTest.java
[6]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcHttpsConsumerTest.java
[7]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcProviderHttpsTest.java
[8]http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
No comments:
Post a Comment