Hi,
I have read the
http://mail-archives.apache.org/mod_mbox/cxf-users/201207.mbox/%3C029F19A0A3828F409E2F145593359C0E0BE40E [ at ] MSEMBox1.corporate.intra%3E
thread with great interest and as it is exactly what I am trying to achieve.
Just the services are different.
I am working JBoss EAP environment, I have access to the "GSSCredential"
object, I am ready to do the credential delegation to the my SOAP service
which is configured with a policy to accept Kerberos auth. I already
verified that service/auth works when using client configuration as defined
here
http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part.html
I see the class "AbstractSpnegoAuthSupplier", but I am failing to configure
an extended class of this as interceptor such that it provides
"KerberosClient" object. As "KerberosClient" object also needs the
"SecretKey". From what I understand I have use "KerberosSecurity" class but
do credential negotiation like "AbstractSpnegoAuthSupplier" then build out
a extended KerberosClient instance and supply in the
"ws-security.kerberos.client" property.
Can anybody suggest any easier way or tell if my thinking above is correct
or not?
Thank you very much for your time.
Ramesh..
I have read the
http://mail-archives.apache.org/mod_mbox/cxf-users/201207.mbox/%3C029F19A0A3828F409E2F145593359C0E0BE40E [ at ] MSEMBox1.corporate.intra%3E
thread with great interest and as it is exactly what I am trying to achieve.
Just the services are different.
I am working JBoss EAP environment, I have access to the "GSSCredential"
object, I am ready to do the credential delegation to the my SOAP service
which is configured with a policy to accept Kerberos auth. I already
verified that service/auth works when using client configuration as defined
here
http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part.html
I see the class "AbstractSpnegoAuthSupplier", but I am failing to configure
an extended class of this as interceptor such that it provides
"KerberosClient" object. As "KerberosClient" object also needs the
"SecretKey". From what I understand I have use "KerberosSecurity" class but
do credential negotiation like "AbstractSpnegoAuthSupplier" then build out
a extended KerberosClient instance and supply in the
"ws-security.kerberos.client" property.
Can anybody suggest any easier way or tell if my thinking above is correct
or not?
Thank you very much for your time.
Ramesh..