How can I get security credentials in a custom SwitchYard CallbackHandler in FSW 6?
Issue
- Part of our security implementation at ESB level is to pass certain user information to a customized JBoss login module which in turn will perform the authentication and authorization against a CAS (Central Authentication Service) server.
- Getting the values from a customized
AuthenticationHandlerto theLoginModuleis not a problem, but our issue is how to get the credential information from the HTTP request headers to theAuthenticationHandler. - We have created a sample
AuthenticationHandleras follows:
public class CustomAuthenticationHandler extends SwitchYardCallbackHandler {
@Inject
Context context;
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
...
}
}
- Deploying the module containing this class results to the following error:
16:31:12,039 DEBUG [org.jboss.weld.Bootstrap] (MSC service thread 1-2) WELD-000100 Weld initialized. Validating beans
16:31:12,043 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."example-app.jar".WeldStartService: org.jboss.msc.service.StartException in service jboss.deployment.unit."example-app.jar".WeldStartService: Failed to start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: org.jboss.weld.exceptions.DeploymentException: WELD-001408 Unsatisfied dependencies for type [Context] with qualifiers [@Default] at injection point [[field] @Inject com.example.esb.security.CustomAuthenticationHandler.context]
at org.jboss.weld.bootstrap.Validator.validateInjectionPoint(Validator.java:311)
- In the case above, the
AuthenticationHandlerclass is included in a separate module that is made a dependency of the actual SwitchYard project. - We have also tried including the
AuthenticationHandlerclass with our main SwitchYard application. The application deploys, but when we access the service (and thereby triggering thehandle()method of theAuthenticationHandlerclass), we get aNullPointerExceptionon the context instead, which I guess means that the@Injectannotation did not work. - What we want to happen is for this custom
AuthenticationHandlerto have access to request headers, and from the headers get user information (username/password, or token) and use them to populate the callback. We assume that the only way to get the information is through the context class, and as such would like to find a way to access it from theAuthenticationHandler. - If this is not possible, are there alternative ways of passing such information to the handler class?
Environment
- Red Hat JBoss Fuse Service Works (FSW)
- 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
