Permalink
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!-- | |
| Copyright (C) FuseSource, Inc. | |
| http://fusesource.com | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at | |
| http://www.apache.org/licenses/LICENSE-2.0 | |
| Unless required by applicable law or agreed to in writing, software | |
| distributed under the License is distributed on an "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| See the License for the specific language governing permissions and | |
| limitations under the License. | |
| --> | |
| <!-- | |
| This is the OSGi Blueprint XML file defining the CXF JAX-WS beans. Because the file is in the | |
| OSGI-INF/blueprint directory inside our JAR, it will be automatically activated as soon as the artifact is installed. | |
| The root element for any OSGi Blueprint file is 'blueprint' - you also see the namespace definitions for both the Blueprint | |
| and the CXF JAX-WS namespaces. | |
| --> | |
| <blueprint | |
| xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws" | |
| xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd | |
| http://cxf.apache.org/blueprint/jaxws http://cxf.apache.org/schemas/blueprint/jaxws.xsd"> | |
| <!-- | |
| Using the <jaxws:endpoint/>, we're configuring the actual JAX-WS endpoint, referring to our web service implementation class | |
| and the URI address we want to assign to our service. The address is relative to the CXF servlet URI, | |
| with the default configuration in place, this endpoint will be available at 'http://localhost:8181/cxf/HelloWorld'. | |
| --> | |
| <jaxws:endpoint id="helloWorld" | |
| implementor="org.fusesource.examples.cxf.jaxws.security.HelloWorldImpl" | |
| address="/HelloWorldSecurity"> | |
| <!-- | |
| We will be adding two interceptors to the inbound interceptor chain: | |
| - the CXF WSS4J interceptor to support WS-Security for passing along the credentials | |
| - a reference to the the JAAS authentication interceptor defined as a separate bean later on | |
| this will ensure that the credentials are being authenticated in the JAAS realm defined there ('karaf') | |
| --> | |
| <jaxws:inInterceptors> | |
| <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> | |
| <property name="properties"> | |
| <map> | |
| <entry key="action" value="UsernameToken"/> | |
| <entry key="passwordType" value="PasswordText"/> | |
| </map> | |
| </property> | |
| </bean> | |
| <ref component-id="authenticationInterceptor"/> | |
| <ref component-id="authorizationInterceptor" /> | |
| </jaxws:inInterceptors> | |
| <jaxws:outInterceptors> | |
| <bean class="org.fusesource.examples.cxf.jaxws.security.EnableCORSInterceptor"/> | |
| </jaxws:outInterceptors> | |
| <!-- | |
| We set ws-security.validate.token=false as we leave the authentication to | |
| the JAASLoginInterceptor. When using default value true the WSS4JInInterceptor will | |
| try to authenticate the user. | |
| --> | |
| <jaxws:properties> | |
| <entry key="ws-security.validate.token" value="false"/> | |
| </jaxws:properties> | |
| </jaxws:endpoint> | |
| <!-- | |
| We are using the OSGi Blueprint XML syntax to define a bean that we referred to in our JAX-WS endpoint setup. | |
| This bean is a CXF interceptor that ensures that a request has been authenticated before allowing it to pass. For | |
| performing the authentication, this interceptor will delegate to JAAS, using the realm name 'karaf'. This will allow | |
| it to reuse the same authentication mechanism that is being used to secure other ESB facilities, such as the remote | |
| SSH shell and the webconsole. | |
| --> | |
| <bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor"> | |
| <property name="contextName" value="karaf"/> | |
| <!-- These two props are needed when authenticating against a JAAS system that uses | |
| different types of security Principals as done by Karaf. | |
| See http://cxf.apache.org/docs/security.html for more info. | |
| --> | |
| <property name="roleClassifier" value="RolePrincipal"/> | |
| <property name="roleClassifierType" value="classname"/> | |
| </bean> | |
| <!-- authorization against a fixed operation name to role name mapping --> | |
| <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor"> | |
| <!-- The methodRolesMap configuration lists the WSDL operations explicitly | |
| and names the required roles for invoking these operations. Note that | |
| wildcards are not supported, the operation names have to match exactly. | |
| --> | |
| <property name="methodRolesMap"> | |
| <map> | |
| <entry key="sayHi" value="admin"/> | |
| </map> | |
| </property> | |
| <!-- In order to declare default roles that are required for any WSDL | |
| operation that is not explicitly listed in the methodRolesMap, one can | |
| use the globalRoles property and list the roles that are required by | |
| default (space separated). | |
| --> | |
| <property name="globalRoles" value="root web"/> | |
| </bean> | |
| </blueprint> |