[Dev] WSS4JStaxInInterceptor SecurityEvent

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Dev] WSS4JStaxInInterceptor SecurityEvent

Isuranga Perera
Hi

I'm using CXF security processing with stream security. There I was able to
find

List<SecurityEvent> requestSecurityEvents =
                (List<SecurityEvent>)
soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out");


Appreciate if you can explain how to set this SecurityEvent extension
manually and the purpose of it.

Best Regards
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Dev] WSS4JStaxInInterceptor SecurityEvent

coheigea
Administrator
What exactly are you trying to do with the streaming security interceptors?

Colm.

On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <[hidden email]>
wrote:

> Hi Colm
>
> Thanks for the immediate response. I managed to add stream security
> interceptors and process security headers. But I found out that they change
> message.getContent(StreamReader.class). So can you suggest a way to
> extract SOAPBody from the content?
>
> Best Regards
>
> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <[hidden email]>
> wrote:
>
>> It's not something that you should need to configure. It's used by the
>> streaming WS-Security code inside WSS4J to retrieve security "events" from
>> either inbound or outbound processing. For example, on an inbound request
>> you might decrypt a key which you might then need to use to secure the
>> message reply.
>>
>> Colm.
>>
>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>> [hidden email]>
>> wrote:
>>
>> > Hi
>> >
>> > I'm using CXF security processing with stream security. There I was able
>> > to find
>> >
>> > List<SecurityEvent> requestSecurityEvents =
>> >                 (List<SecurityEvent>) soapMessage.getExchange().get(
>> SecurityEvent.class.getName()
>> > + ".out");
>> >
>> >
>> > Appreciate if you can explain how to set this SecurityEvent extension
>> > manually and the purpose of it.
>> >
>> > Best Regards
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Dev] WSS4JStaxInInterceptor SecurityEvent

Isuranga Perera
I'm using CXF security policy enforcement without CXF transport. I convert
the policy file to a Neethi object and used PolicyInInterceptor to get
required interceptors to process the security header. I managed to verify
security successfully with stream security enabled.

But now I can't extract the soap body to pass to the service. I need to
know about interceptors which can continue the process from here.

On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh <[hidden email]>
wrote:

> What exactly are you trying to do with the streaming security interceptors?
>
> Colm.
>
> On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <[hidden email]
> > wrote:
>
>> Hi Colm
>>
>> Thanks for the immediate response. I managed to add stream security
>> interceptors and process security headers. But I found out that they change
>> message.getContent(StreamReader.class). So can you suggest a way to
>> extract SOAPBody from the content?
>>
>> Best Regards
>>
>> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <[hidden email]>
>> wrote:
>>
>>> It's not something that you should need to configure. It's used by the
>>> streaming WS-Security code inside WSS4J to retrieve security "events"
>>> from
>>> either inbound or outbound processing. For example, on an inbound request
>>> you might decrypt a key which you might then need to use to secure the
>>> message reply.
>>>
>>> Colm.
>>>
>>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>>> [hidden email]>
>>> wrote:
>>>
>>> > Hi
>>> >
>>> > I'm using CXF security processing with stream security. There I was
>>> able
>>> > to find
>>> >
>>> > List<SecurityEvent> requestSecurityEvents =
>>> >                 (List<SecurityEvent>) soapMessage.getExchange().get(
>>> SecurityEvent.class.getName()
>>> > + ".out");
>>> >
>>> >
>>> > Appreciate if you can explain how to set this SecurityEvent extension
>>> > manually and the purpose of it.
>>> >
>>> > Best Regards
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Loading...