THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="tvServiceClientFactory" class="org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean"> <property name="address" value="http://localhost:${http.port}/services/oauth/validate"/> <property name="headers"> <map> <entry key="Accept" value="application/xml"/> </map> </property> </bean> <bean id="tvServiceClient" factory-bean="tvServiceClientFactory" factory-method="createWebClient"/> <bean id="tokenValidator" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient"> <property name="tokenValidatorClient" ref="tvServiceClient"/> </bean> <bean id="oauthFiler" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> <property name="tokenValidator" ref="tokenValidator"/> </bean> <bean id="myApp" class="org.myapp.MyApp"/> <jaxrs:server id="fromThirdPartyToMyApp" address="/thirdparty-to-myapp"> <jaxrs:serviceBeans> <ref bean="myApp"/> </jaxrs:serviceBeans> <jaxrs:providers> <ref bean="oauthFilter"/> </jaxrs:providers> </jaxrs:server> |
OAuth2 tokens and SOAP endpoints
If you use HTTP Authorization header or WS-Security Binary token to pass OAuth2 tokens to SOAP endpoints then OAuthRequestInterceptor can be used to validate such tokens. It is OAuthRequestFilter running as CXF interceptor which will work OOB for tokens passed with Authorization header and it can be easily extended to support WS-Security binary tokens
...