在 JBoss Fuse 中为 CXF/HTTP 设置基本身份验证的正确方法是什么?
What is the correct way of setting up Basic Authentication for CXF/HTTP in JBoss Fuse?
我已经尝试了很长一段时间来为我公开的所有 Web 服务设置基本身份验证,但没有成功。
我将 JBoss Fuse 6.2.1 与 Karaf 容器 (karaf-2.4.0.redhat-621117) 一起使用,我目前有三个集成,它们消耗等量的 cxfEndpoint。
我想要实现的是在调用服务或尝试查看 WSDL 时使用身份验证对话框提示所述服务的用户。
请注意,我不想使用 ws-security(它将身份验证放在 SOAP 信封中),而是希望在 HTTP 层进行身份验证。
我一直在查看以下文档条目:
[1]https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.2.1/html/Security_Guide/CamelJetty-BasicAuth.html
[2]http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
[3]http://cxf.apache.org/docs/jetty-configuration.html
但我很困惑我应该使用这些方法中的哪一种(如果有的话)。
事实上,到目前为止没有一种方法对我有用,但这可能是我自己操作有误。
下面我将展示我尝试过(后来失败了)的事情:
混合使用 [1] 和 [3]
blueprint.xml:
<!-- Attempt 1, reported on this page as NOT producing a login prompt.
     Wires a Jetty security handler (HTTP Basic, backed by the Karaf JAAS realm)
     into the CXF http-jetty engine declared for port 8181. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<!-- Jetty login service that delegates credential checks to the JAAS login module
     named "karaf"; principals of class RolePrincipal are treated as roles. -->
<bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="karaf"/>
<property name="loginModuleName" value="karaf"/>
<property name="roleClassNames">
<list>
<value>org.apache.karaf.jaas.boot.principal.RolePrincipal</value>
</list>
</property>
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<!-- Constraint: the caller must authenticate and hold the role "Administrator".
     NOTE(review): the role name has to match a role the karaf realm actually grants;
     the working configuration on this page uses "admin", passed as a list. -->
<bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles" value="Administrator"/>
<property name="authenticate" value="true"/>
</bean>
<!-- Applies the constraint to every path served by the engine. -->
<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<!-- Handler that enforces the mapping using HTTP Basic and the login service above. -->
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<!-- NOTE(review): "bean" is the Spring form of this attribute; a Blueprint <ref>
     takes "component-id", as the working configuration on this page does. -->
<ref bean="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService"/>
<property name="strict" value="false"/>
<property name="identityService" ref="identityService"/>
</bean>
<!-- Attaches the handler to the CXF Jetty engine for port 8181. The answer on this page
     reports that the default port 8181 could not be used for this and moves to a
     dedicated port on which the endpoints are then published. -->
<httpj:engine-factory bus="cxf">
<httpj:engine port="8181">
<httpj:handlers>
<ref component-id="securityHandler" />
</httpj:handlers>
</httpj:engine>
</httpj:engine-factory>
</blueprint>
使用 [2]
blueprint.xml:
<!-- Attempt 2, reported on this page as NOT producing a login prompt.
     http-conf:conduit is CXF's client-side HTTP transport configuration: it sets the
     credentials CXF sends on outgoing requests to URLs matching the name pattern.
     It does not add an authentication check to an endpoint published by this bundle. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<http-conf:conduit name="http://localhost:8181/.*" xmlns:sec="http://cxf.apache.org/configuration/security">
<!-- Sample credentials stored in clear text in the bundle descriptor; anyone who can
     read the deployed artifact can read them. Treat the values as placeholders. -->
<http-conf:authorization>
<sec:UserName>test</sec:UserName>
<sec:Password>test</sec:Password>
<sec:AuthorizationType>BASIC</sec:AuthorizationType>
</http-conf:authorization>
</http-conf:conduit>
</blueprint>
两种情况下使用的cxfEndpoint
<!-- Camel CXF endpoint used with both failed attempts; the address comes from the
     ${address} property placeholder and messages are handled in PAYLOAD data format.
     NOTE(review): a Jetty security handler only covers this endpoint if the address
     resolves to the port of the engine that carries the handler (see the answer on
     this page); the value of ${address} is not shown, so confirm it. -->
<cxf:cxfEndpoint address="${address}" id="myWs" serviceClass="com.company.test.CxfService">
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD" />
</cxf:properties>
</cxf:cxfEndpoint>
最佳方案是能够利用 JAAS,但我会选择更简单的开始。
我应该补充一点,这些配置都没有产生任何错误,只是在浏览 http://localhost:8181/cxf 或通过 SoapUI 调用服务时没有提示我提供任何凭据。
如果有人能指出正确的方向,我将不胜感激。
我设法找到了一个可行的解决方案,所以把我的发现发布在这里,希望能对其他人有所帮助。
blueprint.xml:
<!-- Working configuration from the answer: HTTP Basic authentication enforced by a
     Jetty security handler on a dedicated CXF Jetty engine (port 8083), with
     credentials checked against the Karaf JAAS realm.
     Security note: Basic sends the user name and password base64-encoded on every
     request, and the endpoint below is published over plain http://. Anyone who can
     observe the traffic can recover the credentials, so serve this engine over TLS
     (the httpj:engine element accepts httpj:tlsServerParameters) before exposing it
     beyond localhost. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<!-- Jetty login service that delegates credential checks to the JAAS login module
     named "karaf"; principals of class RolePrincipal are treated as roles.
     NOTE(review): this reuses the container's own realm, so service callers
     presumably log in with Karaf accounts; confirm that is intended. -->
<bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="karaf"/>
<property name="loginModuleName" value="karaf"/>
<property name="roleClassNames">
<list>
<value>org.apache.karaf.jaas.boot.principal.RolePrincipal</value>
</list>
</property>
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<!-- Constraint: the caller must authenticate and hold the role "admin" (given as a list).
     NOTE(review): requiring "admin" means every web-service consumer needs an
     administrator-level account; a dedicated, less privileged role for service
     callers would follow least privilege. -->
<bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles">
<list>
<value>admin</value>
</list>
</property>
<property name="authenticate" value="true"/>
</bean>
<!-- Applies the constraint to every path served by the engine. -->
<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<!-- Handler that enforces the mapping using HTTP Basic and the login service above. -->
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<ref component-id="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService"/>
<!-- NOTE(review): "strict" influences how role constraints are matched in Jetty;
     check its meaning for the Jetty version shipped with the container. -->
<property name="strict" value="false"/>
<property name="identityService" ref="identityService"/>
</bean>
<!-- Dedicated CXF Jetty engine on port 8083 carrying the security handler. -->
<httpj:engine-factory bus="cxf">
<httpj:engine port="8083">
<httpj:handlers>
<ref component-id="securityHandler" />
</httpj:handlers>
</httpj:engine>
</httpj:engine-factory>
<!-- The endpoint is published with an absolute address on the same port as the engine
     above; per the answer, endpoints on other ports are not covered by this handler. -->
<cxf:cxfEndpoint address="http://localhost:8083/MyService" id="myWs" serviceClass="com.company.test.CxfService">
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD" />
</cxf:properties>
</cxf:cxfEndpoint>
...
</blueprint>
还需要在pom.xml中添加以下内容:
<!-- Bundle manifest imports for the blueprint above: the JAAS API, the Karaf JAAS
     packages and the Jetty server/security packages are listed explicitly, and the
     trailing * keeps whatever other imports the build derives on its own.
     NOTE(review): these classes are referenced only by name from the blueprint XML,
     which is presumably why they are not picked up automatically. ${jetty-version}
     must be defined in the POM and should match the Jetty shipped with the container. -->
<Import-Package>
javax.security.auth,
javax.security.auth.callback,
javax.security.auth.login,
javax.security.auth.spi,
org.apache.karaf.jaas.modules,
org.apache.karaf.jaas.boot.principal,
org.eclipse.jetty.server,
org.eclipse.jetty.plus.jaas;version=${jetty-version},
org.eclipse.jetty.security;version=${jetty-version},
*
</Import-Package>
httpj:engine-factory 需要 org.eclipse.jetty.server 才能工作。
如果您想设置基本身份验证,您似乎无法使用默认端口 (8181)。此解决方案改为在端口 8083 上设置自定义 Jetty 容器(您可以使用不同的端口,只需确保您的 cxfEndpoints 发布在同一端口上即可。)
我已经尝试了很长一段时间来为我公开的所有 Web 服务设置基本身份验证,但没有成功。
我将 JBoss Fuse 6.2.1 与 Karaf 容器 (karaf-2.4.0.redhat-621117) 一起使用,我目前有三个集成,它们消耗等量的 cxfEndpoint。
我想要实现的是在调用服务或尝试查看 WSDL 时使用身份验证对话框提示所述服务的用户。 请注意,我不想使用 ws-security(它将身份验证放在 SOAP 信封中),而是希望在 HTTP 层进行身份验证。
我一直在查看以下文档条目: [1]https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.2.1/html/Security_Guide/CamelJetty-BasicAuth.html
[2]http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
[3]http://cxf.apache.org/docs/jetty-configuration.html
但我很困惑我应该使用这些方法中的哪一种(如果有的话)。 事实上,到目前为止没有一种方法对我有用,但这可能是我自己操作有误。
下面我将展示我尝试过(后来失败了)的事情:
混合使用 [1] 和 [3]
blueprint.xml:
<!-- Attempt 1, reported on this page as NOT producing a login prompt.
     Wires a Jetty security handler (HTTP Basic, backed by the Karaf JAAS realm)
     into the CXF http-jetty engine declared for port 8181. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<!-- Jetty login service that delegates credential checks to the JAAS login module
     named "karaf"; principals of class RolePrincipal are treated as roles. -->
<bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="karaf"/>
<property name="loginModuleName" value="karaf"/>
<property name="roleClassNames">
<list>
<value>org.apache.karaf.jaas.boot.principal.RolePrincipal</value>
</list>
</property>
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<!-- Constraint: the caller must authenticate and hold the role "Administrator".
     NOTE(review): the role name has to match a role the karaf realm actually grants;
     the working configuration on this page uses "admin", passed as a list. -->
<bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles" value="Administrator"/>
<property name="authenticate" value="true"/>
</bean>
<!-- Applies the constraint to every path served by the engine. -->
<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<!-- Handler that enforces the mapping using HTTP Basic and the login service above. -->
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<!-- NOTE(review): "bean" is the Spring form of this attribute; a Blueprint <ref>
     takes "component-id", as the working configuration on this page does. -->
<ref bean="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService"/>
<property name="strict" value="false"/>
<property name="identityService" ref="identityService"/>
</bean>
<!-- Attaches the handler to the CXF Jetty engine for port 8181. The answer on this page
     reports that the default port 8181 could not be used for this and moves to a
     dedicated port on which the endpoints are then published. -->
<httpj:engine-factory bus="cxf">
<httpj:engine port="8181">
<httpj:handlers>
<ref component-id="securityHandler" />
</httpj:handlers>
</httpj:engine>
</httpj:engine-factory>
</blueprint>
使用 [2]
blueprint.xml:
<!-- Attempt 2, reported on this page as NOT producing a login prompt.
     http-conf:conduit is CXF's client-side HTTP transport configuration: it sets the
     credentials CXF sends on outgoing requests to URLs matching the name pattern.
     It does not add an authentication check to an endpoint published by this bundle. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<http-conf:conduit name="http://localhost:8181/.*" xmlns:sec="http://cxf.apache.org/configuration/security">
<!-- Sample credentials stored in clear text in the bundle descriptor; anyone who can
     read the deployed artifact can read them. Treat the values as placeholders. -->
<http-conf:authorization>
<sec:UserName>test</sec:UserName>
<sec:Password>test</sec:Password>
<sec:AuthorizationType>BASIC</sec:AuthorizationType>
</http-conf:authorization>
</http-conf:conduit>
</blueprint>
两种情况下使用的cxfEndpoint
<!-- Camel CXF endpoint used with both failed attempts; the address comes from the
     ${address} property placeholder and messages are handled in PAYLOAD data format.
     NOTE(review): a Jetty security handler only covers this endpoint if the address
     resolves to the port of the engine that carries the handler (see the answer on
     this page); the value of ${address} is not shown, so confirm it. -->
<cxf:cxfEndpoint address="${address}" id="myWs" serviceClass="com.company.test.CxfService">
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD" />
</cxf:properties>
</cxf:cxfEndpoint>
最佳方案是能够利用 JAAS,但我会选择更简单的开始。
我应该补充一点,这些配置都没有产生任何错误,只是在浏览 http://localhost:8181/cxf 或通过 SoapUI 调用服务时没有提示我提供任何凭据。
如果有人能指出正确的方向,我将不胜感激。
我设法找到了一个可行的解决方案,所以把我的发现发布在这里,希望能对其他人有所帮助。
blueprint.xml:
<!-- Working configuration from the answer: HTTP Basic authentication enforced by a
     Jetty security handler on a dedicated CXF Jetty engine (port 8083), with
     credentials checked against the Karaf JAAS realm.
     Security note: Basic sends the user name and password base64-encoded on every
     request, and the endpoint below is published over plain http://. Anyone who can
     observe the traffic can recover the credentials, so serve this engine over TLS
     (the httpj:engine element accepts httpj:tlsServerParameters) before exposing it
     beyond localhost. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xsi:schemaLocation="
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<!-- Jetty login service that delegates credential checks to the JAAS login module
     named "karaf"; principals of class RolePrincipal are treated as roles.
     NOTE(review): this reuses the container's own realm, so service callers
     presumably log in with Karaf accounts; confirm that is intended. -->
<bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="karaf"/>
<property name="loginModuleName" value="karaf"/>
<property name="roleClassNames">
<list>
<value>org.apache.karaf.jaas.boot.principal.RolePrincipal</value>
</list>
</property>
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<!-- Constraint: the caller must authenticate and hold the role "admin" (given as a list).
     NOTE(review): requiring "admin" means every web-service consumer needs an
     administrator-level account; a dedicated, less privileged role for service
     callers would follow least privilege. -->
<bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles">
<list>
<value>admin</value>
</list>
</property>
<property name="authenticate" value="true"/>
</bean>
<!-- Applies the constraint to every path served by the engine. -->
<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<!-- Handler that enforces the mapping using HTTP Basic and the login service above. -->
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<ref component-id="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService"/>
<!-- NOTE(review): "strict" influences how role constraints are matched in Jetty;
     check its meaning for the Jetty version shipped with the container. -->
<property name="strict" value="false"/>
<property name="identityService" ref="identityService"/>
</bean>
<!-- Dedicated CXF Jetty engine on port 8083 carrying the security handler. -->
<httpj:engine-factory bus="cxf">
<httpj:engine port="8083">
<httpj:handlers>
<ref component-id="securityHandler" />
</httpj:handlers>
</httpj:engine>
</httpj:engine-factory>
<!-- The endpoint is published with an absolute address on the same port as the engine
     above; per the answer, endpoints on other ports are not covered by this handler. -->
<cxf:cxfEndpoint address="http://localhost:8083/MyService" id="myWs" serviceClass="com.company.test.CxfService">
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD" />
</cxf:properties>
</cxf:cxfEndpoint>
...
</blueprint>
还需要在pom.xml中添加以下内容:
<!-- Bundle manifest imports for the blueprint above: the JAAS API, the Karaf JAAS
     packages and the Jetty server/security packages are listed explicitly, and the
     trailing * keeps whatever other imports the build derives on its own.
     NOTE(review): these classes are referenced only by name from the blueprint XML,
     which is presumably why they are not picked up automatically. ${jetty-version}
     must be defined in the POM and should match the Jetty shipped with the container. -->
<Import-Package>
javax.security.auth,
javax.security.auth.callback,
javax.security.auth.login,
javax.security.auth.spi,
org.apache.karaf.jaas.modules,
org.apache.karaf.jaas.boot.principal,
org.eclipse.jetty.server,
org.eclipse.jetty.plus.jaas;version=${jetty-version},
org.eclipse.jetty.security;version=${jetty-version},
*
</Import-Package>
httpj:engine-factory 需要 org.eclipse.jetty.server 才能工作。 如果您想设置基本身份验证,您似乎无法使用默认端口 (8181)。此解决方案改为在端口 8083 上设置自定义 Jetty 容器(您可以使用不同的端口,只需确保您的 cxfEndpoints 发布在同一端口上即可。)