Is there any out of box interceptor for authenticating webservices ?

[krishmn]

Hi,

We are trying to integrate CXF with Spring security for webservices and using UserNameToken Profile for WS-Security.

Right now I'm writing the WSCallbackHandler to handle the "UserNameToken" profile and authenticate against the spring secuirty by injecting "authenticationManager".

Is there a "WS-SecurityIntercetor" similar to "WSS4JInInterceptor" which I can use to inject the authentication mechanisam and as well as different security profiles so that it would be done automatically for me?

Thanks
Krishmn




<bean id="serverPasswordCallback" class="com.chordiant.security.auth.ServerPasswordC allback">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>

<bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInt erceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="serverPasswordCallback"/>
</entry>
</map>
</property>
</bean>



<jaxws:endpoint id="helloWorldEndpoint" implementor="#helloWorld" address="/HelloWorld" >
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInte rceptor" />
<ref bean="wss4jInConfiguration"/>
</jaxws:inInterceptors>
</jaxws:endpoint>

[Arjen Poutsma]

You might be better off asking this at the CXF mailing list.