在JBoss Fuse中为CXF / HTTP设置基本身份验证的正确方法是什么?

时间:2016-10-04 14:45:38

标签: apache-camel jetty cxf jbossfuse blueprint-osgi

我一直在努力为我所有暴露的网络服务设置基本身份验证,但没有任何运气。

我正在使用带有Karaf容器的JBoss Fuse 6.2.1(karaf-2.4.0.redhat-621117),我目前有三个正在使用相同数量的cxfEndpoints的集成。

我想要实现的是在调用服务或尝试查看WSDL时使用auth-dialog提示所述服务的用户。 请注意,我不想使用ws-security将身份验证放在Soap-envelope中,而是放在http级别上。

我一直在查看以下文档条目: [1] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.2.1/html/Security_Guide/CamelJetty-BasicAuth.html

[2] http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

[3] http://cxf.apache.org/docs/jetty-configuration.html

但我很困惑我应该使用哪些(如果有的话)这些方法。 事实上,到目前为止,它们都没有为我工作,但可能是由于我的用户错误。

下面我将展示我尝试过(以及随后失败)的事情:

使用[1]和[3]的混合

blueprint.xml:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
    xsi:schemaLocation="
        http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
        http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
        http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">

    <bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
        <property name="name" value="karaf"/>
        <property name="loginModuleName" value="karaf"/>
        <property name="roleClassNames">
            <list>
                <value>org.apache.karaf.jaas.boot.principal.RolePrincipal</value>
            </list>
        </property>
    </bean>

    <bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>

    <bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC"/>
        <property name="roles" value="Administrator"/>
        <property name="authenticate" value="true"/>
    </bean>

    <bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="constraint"/>
        <property name="pathSpec" value="/*"/>
    </bean>

    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="authenticator">
            <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
        </property>
        <property name="constraintMappings">
            <list>
                <ref bean="constraintMapping"/>
            </list>
        </property>
        <property name="loginService" ref="loginService"/>
        <property name="strict" value="false"/>
        <property name="identityService" ref="identityService"/>
    </bean>

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="8181">
            <httpj:handlers>
                <ref component-id="securityHandler" />
            </httpj:handlers>
        </httpj:engine>
     </httpj:engine-factory>

</blueprint>

使用[2]

blueprint.xml:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xsi:schemaLocation="
        http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
        http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
        http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">

    <http-conf:conduit name="http://localhost:8181/.*" xmlns:sec="http://cxf.apache.org/configuration/security">
        <http-conf:authorization>
            <sec:UserName>test</sec:UserName>
            <sec:Password>test</sec:Password>
            <sec:AuthorizationType>BASIC</sec:AuthorizationType>
        </http-conf:authorization>
    </http-conf:conduit>

</blueprint>

两种情况下使用的cxfEndpoint 

<cxf:cxfEndpoint address="${address}" id="myWs" serviceClass="com.company.test.CxfService">
    <cxf:properties>
        <entry key="dataFormat" value="PAYLOAD" />
    </cxf:properties>
</cxf:cxfEndpoint>

最佳方案是能够利用JAAS,但我会满足于更简单的开始。

我应该补充一点,我没有收到任何这些错误,我只是在浏览http://localhost:8181/cxf或通过SoapUI调用服务时没有被提示提供任何凭据。

如果有人能指出我正确的方向,我将不胜感激。

1 个答案:

答案 0 :(得分:1)

我设法找到了一个可行的解决方案,所以我发布了我的调查结果,希望在某些时候可以帮助其他人。

blueprint.xml:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:cxf-core="http://cxf.apache.org/blueprint/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
    xsi:schemaLocation="
        http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
        http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
        http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">

    <bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
        <property name="name" value="karaf"/>
        <property name="loginModuleName" value="karaf"/>
        <property name="roleClassNames">
            <list>
                <value>org.apache.karaf.jaas.boot.principal.RolePrincipal</value>
            </list>
        </property>
    </bean>

    <bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>

    <bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC"/>
        <property name="roles">
            <list>
                <value>admin</value>
            </list>
        </property>
        <property name="authenticate" value="true"/>
    </bean>

    <bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="constraint"/>
        <property name="pathSpec" value="/*"/>
    </bean>

    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="authenticator">
            <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
        </property>
        <property name="constraintMappings">
            <list>
                <ref component-id="constraintMapping"/>
            </list>
        </property>
        <property name="loginService" ref="loginService"/>
        <property name="strict" value="false"/>
        <property name="identityService" ref="identityService"/>
    </bean>

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="8083">
            <httpj:handlers>
                <ref component-id="securityHandler" />
            </httpj:handlers>
        </httpj:engine>
    </httpj:engine-factory>

    <cxf:cxfEndpoint address="http://localhost:8083/MyService" id="myWs" serviceClass="com.company.test.CxfService">
        <cxf:properties>
            <entry key="dataFormat" value="PAYLOAD" />
        </cxf:properties>
    </cxf:cxfEndpoint>

    ...

</blueprint>

还需要将以下内容添加到pom.xml:

<Import-Package>
    javax.security.auth,
    javax.security.auth.callback,
    javax.security.auth.login,
    javax.security.auth.spi,
    org.apache.karaf.jaas.modules,
    org.apache.karaf.jaas.boot.principal,
    org.eclipse.jetty.server,
    org.eclipse.jetty.plus.jaas;version=${jetty-version},
    org.eclipse.jetty.security;version=${jetty-version},
    *
</Import-Package>
httpj:engine-factory 需要

org.eclipse.jetty.server 才能正常工作。 如果要设置基本身份验证,您似乎无法使用默认端口(8181)。此解决方案改为在端口8083上设置自定义jetty容器(您可以使用不同的端口,只需确保您的cxfEndpoints在同一端口上发布。)

相关问题
最新问题