0 Replies Latest reply on Feb 14, 2013 2:45 PM by 991120

    How to authenticate CXF-Webservice against external LDAP in WebLogic?

      Hi there,

      I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:

      <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
          <constructor-arg>
              <map>
                  <entry key="action" value="UsernameToken Timestamp" />
                  <entry key="passwordType" value="PasswordDigest" />
                  <entry key="passwordCallbackClass" value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
              </map>
          </constructor-arg>
      </bean>

      My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups, etc. with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i.e. retrieve the password.

      Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?

      Please give me a hint (code snippets preferred ;-) ) on how to solve this.