1

I created a web service client to handle cxf soap web services with apache camel.

String serviceUri = "cxf:http://localhost:10000/myservice?serviceClass=" + 
    MyRequest.class.getCanonicalName();

from(uri).to("mock:xyz");

The web service receives the soap call but throws an exception since the request requires a handling for wss.

org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.

The reason is, that the service requires ws security, which can be seen by lloking at the request.

<SOAP-ENV:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">

I found out that I need to implement an interceptor to handle header properties.

My questions:

  • How can I add an interceptor to handle the header attributes with Camel Java-DSL?

  • Will this be sufficient to get rid of the SOAP Fault?

ABX
  • 1,173
  • 2
  • 22
  • 39

1 Answers1

2

You can do it through cxfEndpointConfigurer option @see: Camel-CXF configuration

(I use Spring (it is much easier)), but I guess for DSL URI will look like:

String serviceUri = "cxf:http://localhost:10000/myservice?serviceClass=" + 
MyRequest.class.getCanonicalName() +
"&cxfEndpointConfigurer="+ MyConfigurer.class.getCanonicalName();

by implementing org.apache.camel.component.cxf.CxfEndpointConfigurer you have ability to add an Interceptor inside configureServer method 

server.getEndpoint().getInInterceptors().add(new MyJAASLoginInterceptor());

if you run your Camel in container with JAAS (like JBOSS) you can use extension from

org.apache.cxf.interceptor.security.JAASLoginInterceptor

with needed callback handler. Simple example which validates user/password from WSS header against JBOSS users:

public class MyJAASLoginInterceptor extends javax.security.auth.callback.JAASLoginInterceptor {

  @Override
  protected CallbackHandler getCallbackHandler(String name, String password) {

    return new org.apache.cxf.interceptor.security.NamePasswordCallbackHandler(name, password, "setCredential");

  }

}
Vadim
  • 4,027
  • 2
  • 10
  • 26
  • unfortunately "&cxfEndpointConfigurer="+ MyConfigurer.class.getCanonicalName(); is not working, I get the error message "Could not find a suitable setter for property: cxfEndpointConfigurer as there isn't a setter method with same type: java.lang.String nor type conversion possible: " – ABX Dec 13 '16 at 08:44
  • pls. read this: http://camel.465427.n5.nabble.com/cxfEndpointConfigurer-in-an-URI-td5773083.html – Vadim Dec 13 '16 at 10:17