0 Replies Latest reply: Feb 14, 2013 8:45 AM by 991120

    How to authenticate CXF-Webservice against external LDAP in WebLogic?

    991120
      Hi there,

      I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:

      <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
          <constructor-arg>
              <map>
                  <entry key="action" value="UsernameToken Timestamp" />
                  <entry key="passwordType" value="PasswordDigest" />
                  <entry key="passwordCallbackClass"
                         value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
              </map>
          </constructor-arg>
      </bean>

      My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups, etc. with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i.e. retrieve the password.

      Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?

      Please give me a hint (code-snippets preferred ;-) ) how to solve this.

      Regards,

      Frank
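
Added example, not part of the original post: a Python sketch of the WS-Security UsernameToken `PasswordDigest` check, showing why the callback handler is asked for the cleartext password, and what a server that holds only a hashed credential can still verify. The `{SSHA}` storage scheme, the function names and all sample values are assumptions made for illustration; nothing here is CXF, WSS4J or WebLogic code.

```python
import base64
import hashlib
import hmac

def ut_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile: Password_Digest = Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def verify_digest(token: dict, secret: str) -> bool:
    """Server-side PasswordDigest check; only succeeds if `secret` is the cleartext password."""
    nonce = base64.b64decode(token["nonce_b64"])
    expected = ut_digest(nonce, token["created"], secret)
    return hmac.compare_digest(expected, token["password"])

def ssha(password: str, salt: bytes) -> str:
    """Salted SHA-1 value in the LDAP {SSHA} style (assumed storage scheme)."""
    h = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(h + salt).decode("ascii")

def verify_text_against_ssha(presented: str, stored: str) -> bool:
    """PasswordText-style check: hash the presented password with the stored salt."""
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    candidate = hashlib.sha1(presented.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def demo() -> dict:
    # Constructed sample values, not taken from the post.
    password = "s3cret-example"
    nonce = bytes(range(16))
    created = "2013-02-14T08:45:00Z"
    token = {
        "nonce_b64": base64.b64encode(nonce).decode("ascii"),
        "created": created,
        "password": ut_digest(nonce, created, password),
    }
    stored = ssha(password, salt=b"\x01\x02\x03\x04")
    return {
        "digest_with_cleartext": verify_digest(token, password),
        "digest_with_stored_hash": verify_digest(token, stored),
        "text_with_stored_hash": verify_text_against_ssha(password, stored),
    }

if __name__ == "__main__":
    print(demo())
```

The digest can only be recomputed from the cleartext password, whereas a password presented as text can be checked against a salted hash, which is the kind of comparison a directory performs itself during a bind.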