Camel CXF Proxy with WS-Security

classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Camel CXF Proxy with WS-Security

chaij
I am writing a SOAP proxy. When a SOAP service call comes in, it goes to a CXF consumer->Processor->CXF producer (with WS-Security)

Since the incoming service call and the outgoing service call are from different wsdl and thus different namespace, I would need to transform the information. How can I achieve this and then have the message body ready to pass on to the cxf:bean:realSerive?

Thanks.

                <camel:route id="toreal">
                        <camel:from uri="cxf:bean:myProxy" />
                        <camel:to uri="bean:myProcessorr" />
                        <camel:to uri="cxf:bean:realService" />
                </camel:route>
        <bean id="wss4jInInterceptor-client" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
                <constructor-arg>
                        <map>
                                <entry key="action" value="UsernameToken Timestamp Signature Encrypt" />
                                <entry key="passwordCallbackClass" value="com.sms.dcp.KeystorePasswordCallback" />
                               
                                <entry key="decryptionPropFile" value="wssecurity/etc/Server_Decrypt.properties"/>
                                <entry key="encryptionKeyIdentifier" value="IssuerSerial" />
                                <entry key="signaturePropFile" value="cms-files/cms-trusted-crypto-PDT.properties" />
                                <entry key="signatureKeyIdentifier" value="DirectReference" />
                        </map>
                </constructor-arg>
        </bean>

        <cxf:cxfEndpoint id="edocumentVA" address="${VA_URL}"
                endpointName="...." serviceName="...."
                wsdlURL="wsdl/PDT/service.wsdl" serviceClass="DocumentService"
                xmlns:s="http://x.y.z/external/DocumentService/">
                <cxf:properties>
                        <entry key="mtom-enabled" value="${MTOM_ENABLED}" />
                        <entry key="dataFormat" value="CXF_MESSAGE" />
                </cxf:properties>
                <cxf:inInterceptors>
                        <ref bean="wss4jInInterceptor-client" />
                </cxf:inInterceptors>
        </cxf:cxfEndpoint>
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

contactreji
Did u try using xslt after the processor bean part is over ?
On 22 Mar 2014 09:21, "chaij" <[hidden email]> wrote:

> I am writing a SOAP proxy. When a SOAP service call comes in, it goes to a
> CXF consumer->Processor->CXF producer (with WS-Security)
>
> Since the incoming service call and the outgoing service call are from
> different wsdl and thus different namespace, I would need to transform the
> information. How can I achieve this and then have the message body ready to
> pass on to the cxf:bean:realSerive?
>
> Thanks.
>
>                 <camel:route id="toreal">
>                         <camel:from uri="cxf:bean:myProxy" />
>                         <camel:to uri="bean:myProcessorr" />
>                         <camel:to uri="cxf:bean:realService" />
>                 </camel:route>
>         <bean id="wss4jInInterceptor-client"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>                 <constructor-arg>
>                         <map>
>                                 <entry key="action" value="UsernameToken
> Timestamp Signature Encrypt" />
>                                 <entry key="passwordCallbackClass"
> value="com.sms.dcp.KeystorePasswordCallback" />
>
>                                 <entry key="decryptionPropFile"
> value="wssecurity/etc/Server_Decrypt.properties"/>
>                                 <entry key="encryptionKeyIdentifier"
> value="IssuerSerial" />
>                                 <entry key="signaturePropFile"
> value="cms-files/cms-trusted-crypto-PDT.properties" />
>                                 <entry key="signatureKeyIdentifier"
> value="DirectReference" />
>                         </map>
>                 </constructor-arg>
>         </bean>
>
>         <cxf:cxfEndpoint id="edocumentVA" address="${VA_URL}"
>                 endpointName="...." serviceName="...."
>                 wsdlURL="wsdl/PDT/service.wsdl"
> serviceClass="DocumentService"
>                 xmlns:s="http://x.y.z/external/DocumentService/">
>                 <cxf:properties>
>                         <entry key="mtom-enabled" value="${MTOM_ENABLED}"
> />
>                         <entry key="dataFormat" value="CXF_MESSAGE" />
>                 </cxf:properties>
>                 <cxf:inInterceptors>
>                         <ref bean="wss4jInInterceptor-client" />
>                 </cxf:inInterceptors>
>         </cxf:cxfEndpoint>
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
Thanks for the quick reply. That's a good clue. Can you give me something more concrete?
What would route look like?
Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

contactreji
The camel route might look something like follows


<camel:route id="toreal">
                        <camel:from uri="cxf:bean:myProxy" />
                        <camel:to uri="bean:myProcessorr" />
                        <to uri="xslt:path/to/xslt/file.xsl"/>
                        <camel:to uri="cxf:bean:realService" />
                </camel:route>

But make sure your bean:myProcessor returns the body as a XML and not POJO. Thats needed for the XSLT.

I am not very sure if xslt can take up pojo. Otherwise adding a jaxb component to convert pojo into xml representation would do the job.

If using jaxb, route might look like this


<camel:route id="toreal">
                        <camel:from uri="cxf:bean:myProxy" />
                        <camel:to uri="bean:myProcessorr" />
                       <marshal>
                       <jaxb prettyPrint="true" contextPath="package.of.the.class"/>
                        </marshal>
                        <to uri="xslt:path/to/xslt/file.xsl"/>
                        <camel:to uri="cxf:bean:realService" />
 </camel:route>
 

Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
Great stuff..

But I assume this will only translate the body? How about the headers? Would that matter?

Also, would camel be able to take the jaxb string and convert it into CXF_MESSAGE format? I am not quite clear how this works and didn't find much documentation talking about CXF_MESSAGE dataformat which is quite surprising.

It seems that this is the only recommended way to use wss4j interceptors.

If my incoming data format is also CXF_MESSAGE, how would I be able to convert that into POJO from my processor.

Really appreciate.
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

contactreji
The headers should still be there in the Exchange. We will be altering only
Body of the exchange if I am not wrong. Would be good if some experts from
this forum would comment on that.

JAXB will only convert the Java object into equivalent XML representation.
I don't think so it would help you keep the SOAP envelop.

I am wondering if in the XSL file, you can compose the output to be in form
of soap envelop which will be readily processed by the cxf endpoint down
the route.


On Sat, Mar 22, 2014 at 10:38 AM, chaij <[hidden email]> wrote:

> Great stuff..
>
> But I assume this will only translate the body? How about the headers?
> Would
> that matter?
>
> Also, would camel be able to take the jaxb string and convert it into
> CXF_MESSAGE format? I am not quite clear how this works and didn't find
> much
> documentation talking about CXF_MESSAGE dataformat which is quite
> surprising.
>
> It seems that this is the only recommended way to use wss4j interceptors.
>
> If my incoming data format is also CXF_MESSAGE, how would I be able to
> convert that into POJO from my processor.
>
> Really appreciate.
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223p5749229.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
it does seem to work by feeding the soap string to the cxf client.
I fixed the namespace.
I wonder if anything that needs to done to the camel message header.

Is there an easier/right way to generate a request to a cxf component that accepts CXF_MESSAGE?
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

contactreji
What do you exactly plan to do with the headers ? I wonder if you can
really send headers to a CXF endpoint.

Meanwhile , I have invoked the web service by generated proxies using the
wsdl2java plugin. I haven't tried doing so by passing the soap string to
cxf .
On 23 Mar 2014 20:15, "chaij" <[hidden email]> wrote:

> it does seem to work by feeding the soap string to the cxf client.
> I fixed the namespace.
> I wonder if anything that needs to done to the camel message header.
>
> Is there an easier/right way to generate a request to a cxf component that
> accepts CXF_MESSAGE?
>
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223p5749256.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
I don't really know what needs to done with the Camel message headers. I couldn't find documentation on how to use CXF_MESSAGE. I think that's the issue.

When I feed the soap envelope in string format to CXF endpoint, the SOAP body is empty when coming out the endpoint.

To recap what I need:

proxy client ->CXF Endpoint->processor to modify namespace and values etc->CXF Endpoint with Security->Real Service

I am stuck on the processor. How to process the incoming message and then feed it to the next CXF Endpoint in CXF_MESSAGE format since security is needed.

Can some expert help out here?

Thanks,
Jin
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

contactreji
You said "When I feed the soap envelope in string format to CXF endpoint, the SOAP body is empty when coming out the endpoint."

That might be because the web service you are invoking may not have any response data. The empty SOAP envelop is an evidence for the same.

Can you share the wsdl of the service you are trying to call. Under operations, please check if there is any schema defined for "out" element
Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
This post was updated on .
Sorry, I didn't make it clear.

This is when the message leaving CXF Endpoint to the real service and before it gets a response. I logged the message using loggingOutInterceptor. The SOAP body is empty.

I did get a fault response saying the body element is NULL from soapUI mockup service.

I will check the WSDL and share anything if useful.
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
Also, everything works fine with POJO data format which I was using before. I was able to send request and get response from soapUI mockup service.

Now, since I need to add security, I have to switch to CXF_MESSAGE format. Things doesn't work anymore.
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
<operation name="uploadFormDocument">
  <input message="tns:uploadFormDocument" />
  <output message="tns:uploadFormDocumentResponse" />
  <fault message="tns:VbmsDataValidationException" name="VbmsDataValidationException" />
  <fault message="tns:VbmsServiceException" name="VbmsServiceException" />
</operation>
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

Willem.Jiang
Administrator
In reply to this post by chaij
Hi,

I think you need to build the soap envelop yourself before send the request message (without security headers)in the camel route, then let the CXF security interceptor do the other work for you when routing the message out to the camel route.

--  
Willem Jiang

Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang  
Weibo: 姜宁willem



On March 23, 2014 at 10:46:15 PM, chaij ([hidden email]) wrote:

> it does seem to work by feeding the soap string to the cxf client.
> I fixed the namespace.
> I wonder if anything that needs to done to the camel message header.
>  
> Is there an easier/right way to generate a request to a cxf component that
> accepts CXF_MESSAGE?
>  
>  
>  
>  
> --
> View this message in context: http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223p5749256.html 
> Sent from the Camel - Users mailing list archive at Nabble.com.
>  

Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

Willem.Jiang
Administrator
In reply to this post by chaij
I guess you didn’t setup the message body rightly. 
That could explain why the soap body is empty.

--  
Willem Jiang

Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang  
Weibo: 姜宁willem



On March 24, 2014 at 10:54:02 PM, chaij ([hidden email]) wrote:

> Sorry, I didn't it clear.
>  
> This is when the message leaving CXF Endpoint to the real service and before
> it gets a response. I logged the message using loggingOutInterceptor. The
> SOAP body is empty.
>  
> I did get a fault response saying the body element is NULL from soapUI
> mockup service.
>  
> I will check the WSDL and share anything if useful.
>  
>  
>  
> --
> View this message in context: http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223p5749282.html 
> Sent from the Camel - Users mailing list archive at Nabble.com.
>  

Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

dkulp@apache.org
In reply to this post by chaij

Is it JUST the namespace that needs to be changed?  One option would be to have CXF do that while reading or writing messages by use CXF’s transform feature:

https://cwiki.apache.org/confluence/display/CXF20DOC/TransformationFeature

It’s primary purpose was to handle Namespace mapping and minor XML changes while reading in messages or writing messages.   That could help simplify things a bit for you.

Dan


On Mar 24, 2014, at 10:39 AM, chaij <[hidden email]> wrote:

> I don't really know what needs to done with the Camel message headers. I
> couldn't find documentation on how to use CXF_MESSAGE. I think that's the
> issue.
>
> When I feed the soap envelope in string format to CXF endpoint, the SOAP
> body is empty when coming out the endpoint.
>
> To recap what I need:
>
> proxy client ->CXF Endpoint->processor to modify namespace and values
> etc->CXF Endpoint with Security->Real Service
>
> I am stuck on the processor. How to process the incoming message and then
> feed it to the next CXF Endpoint in CXF_MESSAGE format since security is
> needed.
>
> Can some expert help out here?
>
> Thanks,
> Jin
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223p5749280.html
> Sent from the Camel - Users mailing list archive at Nabble.com.

--
Daniel Kulp
[hidden email] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

dkulp@apache.org
In reply to this post by chaij

On Mar 24, 2014, at 11:00 AM, chaij <[hidden email]> wrote:

> Also, everything works fine with POJO data format which I was using before. I
> was able to send request and get response from soapUI mockup service.
>
> Now, since I need to add security, I have to switch to CXF_MESSAGE format.
> Things doesn't work anymore.

Why do you have to switch to CXF_MESSAGE mode for security?  I don’t understand why you think you need CXF_MESSAGE mode for the security stuff.   It should work with POJO as well.

Dan



>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Camel-CXF-Proxy-with-WS-Security-tp5749223p5749283.html
> Sent from the Camel - Users mailing list archive at Nabble.com.

--
Daniel Kulp
[hidden email] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
In reply to this post by Willem.Jiang
So I should do exchange.getOut().setBody(soapMessage) and leave the exchange.getIn().getHeaders() behind since it has a lot of other information which should not be relevant?

I saw you added convertBody to String for SOAPMessage. It would be really nice if there is one to do the reverse. Take the string and rightfully construct the SOAPMessage.

Appreciate your feedback.

Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

chaij
In reply to this post by dkulp@apache.org
Dan - I need to use WSS4J interceptors to add security to CXF.

If I stay with POJO, I got a security header related exception. I think others have similar issue. I can reproduce the problem by switching back if you want to know the exact details.

It would be great if I can work on POJO. SOAPMessage is giving me a lot of headache so far. Maybe due to my ignorance. Just find it is much easier to work with POJO.

I will read up your link for namespace translation as well. So far, yes, only namespace change needed.

Thanks for your input.

Jin
Reply | Threaded
Open this post in threaded view
|

Re: Camel CXF Proxy with WS-Security

Willem.Jiang
Administrator
In reply to this post by chaij
If you put the message body into out message, you need to copy the in message headers to the out message header at the same time.
camel-cxf cannot take the message headers from the in message and message body from the out message.
12