...

It's recommended to use Maven to resolve the dependencies, as illustrated in the example wsclientWebapp.

pom.xml:

    <dependency>
        <groupId>org.apache.cxf.fediz</groupId>
        <artifactId>fediz-cxf</artifactId>
        <version>1.1.0</version>
    </dependency>

...

Two configurations are required: one in web.xml, to enable the FederationFilter to cache the security context in thread-local storage, and one in the Spring configuration file applicationContext.xml, to configure a callback handler that provides the STS client with the security context stored in thread-local storage.

web.xml:

    <filter>
        <filter-name>FederationFilter</filter-name>
        <filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>FederationFilter</filter-name>
        <url-pattern>/secure/*</url-pattern>
    </filter-mapping>

The FederationFilter is part of the library fediz-core.

applicationContext.xml:

    <bean id="delegationCallbackHandler"
        class="org.apache.cxf.fediz.cxf.web.ThreadLocalCallbackHandler" />

    <jaxws:client id="HelloServiceClient" serviceName="svc:GreeterService"
        ...
        wsdlLocation="WEB-INF/wsdl/hello_world.wsdl">
        <jaxws:properties>
            <entry key="ws-security.sts.client">
                <bean class="org.apache.cxf.ws.security.trust.STSClient">
                    ...
                    <property name="onBehalfOf" ref="delegationCallbackHandler" />
                    ...
                </bean>
            </entry>
            <entry key="ws-security.cache.issued.token.in.endpoint" value="false" />
        </jaxws:properties>
    </jaxws:client>

...

If you have set the property ws-security.cache.issued.token.in.endpoint to false, CXF caches the issued token per security context, for the lifetime given in the lifetime element returned by the STS. When the cached token for the target web service has expired, CXF requests a new token from the STS on behalf of the cached Fediz security context.

There is no special Java code required to get this functionality, as illustrated in the following code snippet:

FederationServlet.java:

    Greeter service = (Greeter)ApplicationContextProvider.getContext().getBean("HelloServiceClient");
    String reply = service.greetMe();
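
The token caching described above can be pictured with the following added illustration, which is not Fediz or CXF code: a simplified Java model contrasting one token slot per client proxy (the property left at true, assumed here from CXF's per-proxy caching of issued tokens) with one slot per security context (the property set to false). The class, the STS stub, the principals alice and bob and the 5-minute lifetime are all constructed for the example.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

// Simplified model, not CXF code: where a shared client proxy keeps its STS-issued token.
public class IssuedTokenCacheModel {
    // Constructed stand-in for an issued token plus the lifetime the STS returned.
    record Token(String onBehalfOf, int serial, Instant expires) {}

    private final boolean cacheInEndpoint;               // models the property's value
    private final Map<String, Token> cache = new HashMap<>();
    private int stsRequests = 0;

    IssuedTokenCacheModel(boolean cacheInEndpoint) { this.cacheInEndpoint = cacheInEndpoint; }

    // Hypothetical STS stub: every call issues a fresh 5-minute token for the principal.
    private Token requestFromSts(String principal, Instant now) {
        return new Token(principal, ++stsRequests, now.plus(Duration.ofMinutes(5)));
    }

    // Token attached to an outgoing call made while 'principal' is the current security context.
    Token tokenFor(String principal, Instant now) {
        // One slot for the whole proxy, or one slot per security context.
        String key = cacheInEndpoint ? "<endpoint>" : principal;
        Token t = cache.get(key);
        if (t == null || !now.isBefore(t.expires())) {   // nothing cached, or lifetime over
            t = requestFromSts(principal, now);
            cache.put(key, t);
        }
        return t;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamps
        for (boolean inEndpoint : new boolean[] {true, false}) {
            IssuedTokenCacheModel proxy = new IssuedTokenCacheModel(inEndpoint);
            proxy.tokenFor("alice", t0);
            Token bob = proxy.tokenFor("bob", t0.plusSeconds(10));
            Token aliceLater = proxy.tokenFor("alice", t0.plusSeconds(301));
            System.out.printf("cacheInEndpoint=%b: bob's call carries a token for %s; "
                + "alice after expiry gets serial %d%n",
                inEndpoint, bob.onBehalfOf(), aliceLater.serial());
        }
    }
}
```

With the per-proxy slot, the second user's call reuses the token issued on behalf of the first until it expires; with the per-context slot, each user gets a token issued on their own behalf and a fresh one after the lifetime ends.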