Details
- New Feature
- Status: Closed
- Major
- Resolution: Fixed
- 2.4
- None
Description
CXF-2905 introduced support for the WS-Trust 1.4 ActAs behaviour in CXF. This allows the user to send a security token as an "ActAs" element in a RequestSecurityToken invocation. This can be configured in two ways:
a) As a String directly on the STSClient bean in Spring, e.g. <property name="actAs" value="..."/>
b) As a String or DOM Element programmatically via the jaxws property SecurityConstants.STS_TOKEN_ACT_AS
CXF 2.4.0 supports the ability to set a security token as an "OnBehalfOf" element directly on the STSClient, but does not provide configuration support.
There are three goals for this task:
a) Add the ability to configure OnBehalfOf in the same way as ActAs (String/Element)
b) Add the ability to also add a CallbackHandler object for either token. This is an alternative to having to add an interceptor to set the appropriate property.
c) Add two CallbackHandler implementations which can be used for either ActAs or OnBehalfOf for common scenarios. The first adds a security token received in the previous message (UsernameToken/SAML Token/Binary Security Token). The second adds a UsernameToken with no password, where the username is obtained via the jaxws:property ws-security.username.
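A sketch of the second handler described in (c), added here as an illustration and not taken from the CXF code base: a CallbackHandler that builds a UsernameToken with no password as a DOM Element. TokenCallback, UsernameTokenHandler and the sample user are hypothetical names; the callback type CXF actually passes to the handler is not shown on this page.

```java
import java.io.IOException;
import javax.security.auth.callback.*;
import javax.xml.parsers.*;
import org.w3c.dom.*;

public class UsernameDelegationExample {
    static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/"
        + "oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Hypothetical callback carrying the delegation token; not a CXF class. */
    static class TokenCallback implements Callback { Element token; }

    /** Supplies a UsernameToken with no password, for ActAs or OnBehalfOf. */
    static class UsernameTokenHandler implements CallbackHandler {
        private final String username;
        UsernameTokenHandler(String username) {
            if (username == null || username.trim().isEmpty()) {
                throw new IllegalArgumentException("username is required");
            }
            this.username = username;
        }
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof TokenCallback)) {
                    throw new UnsupportedCallbackException(cb); // refuse unknown callbacks
                }
                try {
                    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
                    dbf.setNamespaceAware(true);
                    Document doc = dbf.newDocumentBuilder().newDocument();
                    Element token = doc.createElementNS(WSSE_NS, "wsse:UsernameToken");
                    Element name = doc.createElementNS(WSSE_NS, "wsse:Username");
                    name.setTextContent(username); // text node, so the name cannot inject markup
                    token.appendChild(name);
                    ((TokenCallback) cb).token = token;
                } catch (ParserConfigurationException e) {
                    throw new IOException(e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        TokenCallback cb = new TokenCallback();
        new UsernameTokenHandler("alice").handle(new Callback[] {cb}); // constructed sample user
        System.out.println(cb.token.getFirstChild().getTextContent());
    }
}
```

A UsernameToken without a password is only an identity claim, so the STS has to authenticate the requesting client itself and decide whether that client may act for the named user.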