Hi Mike, Authentication Providers are asked for SOAP headers before the request is completely processed. So, no, it is not possible to use it for signing the request.
OpenCMIS is designed to send and receive documents of arbitrary sizes. The requests and responses are streamed and are not kept in main memory. This allows us to deal with documents that are much larger than the main memory (vidoes, X-ray images, huge CAD drawings, etc.). If you want to sign the request and the document, you have to have them in memory. That is currently not supported. It would not be difficult to add support for SOAPHandlers, but there wasn't a use case, yet. Do you have any other options? If not, please open an issue [1]. At the moment, I'm a bit reluctant to open a loophole... Florian [1] https://issues.apache.org/jira/browse/CMIS > Thank you for your response. > > The WSDL suggestion should work for me so I'll progress with that. > > The authentication provider looks like it might work for including my > custom auth details but I also need to digitally sign the soap request and > include that digest value in the soap header. This means I need to add the > soap header after the soap body is created and I need to be able to access > it from the authentication provider code, is this possible using the > approach you suggest? > > Many thanks, > > Mike. > > On Tue, Jun 12, 2012 at 5:38 PM, Florian Müller <[email protected]> wrote: > >> Hi Mike, >> >> There is no way to change the endpoint after the WSDLs have been read. >> But you can download the WSDL, change the URLs and save it to disk. The >> WSDL session parameters accept file://... URLs. >> >> SOAPHandlers are deliberately not supported because they break content >> streaming. >> If your SOAPHandler only adds SOAP headers, then you can build your own >> Authentication Provider [1]. >> See the Standard Authentication Provider code [2] how to add SOAP headers >> to requests. >> >> >> Florian >> >> >> [2] >> http://chemistry.apache.org/java/developing/client/dev-client-bindings.html#OpenCMISClientBindings-CustomAuthenticationProvider >> [1] >> https://svn.apache.org/repos/asf/chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/StandardAuthenticationProvider.java >> >> >>> Hello, >>> >>> I've just started using the OpenCMIS libraries to build a client >>> application to talk with CMIS repository using SOAP and have run into a >>> couple of problems that are detailed below: >>> >>> 1) Creating a session using a SessionFactory appears to make a call to >> the >>> specified endpoint to retrieve the WSDL and then use its specified >> endpoint >>> for subsequent calls. Unfortunately I cannot use the endpoint address in >>> the WSDL so would like to override this. Is there an easy way to do this >>> please? >>> >>> 2) My server implements a different authentication mechanism than >>> ws-security username/password. Ideally I'd like use some existing >>> SOAPHandlers to do this but I'm not sure how to specify a soap handler >>> chain, any suggestions on how to do this? >>> >>> >>> Any help or pointers would be greatly appreciated. >>> >>> >>> Many thanks, >>> >>> Mike. >>> >> >> >> >
