I set a wrong password when client invoking web service. But I did NOT
receive any FAILED_AUTHENTICATION exception in server side. And service is
finished and result sent back to client.
I looked into UsernameTokenProcessor.java. It will take the following path
without throwing any FAILED_AUTHENTICATION exception. Please help!
} else if (cb != null) {
WSPasswordCallback pwCb = new WSPasswordCallback(user, password,
pwType, WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
callbacks[0] = pwCb;
try {
cb.handle(callbacks);
} catch (IOException e) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noPassword", new Object[]{user});
} catch (UnsupportedCallbackException e) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noPassword", new Object[]{user});
}
}
**SeverSide :
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="demo.spring.security.ServerPasswordCallback"/>
public class ServerPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if(pc.getIdentifer().equals("joe")) {
pc.setPassword("password");
}
}
}
**ClientSide:
<entry key="action" value="UsernameToken"/>
<entry key="user" value="joe" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="demo.spring.security.ClientPasswordCallback"/>
public class ClientPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if(pc.getIdentifer().equals("joe")) {
pc.setPassword("*passwordWrong*");
}
}
}
--
View this message in context:
http://www.nabble.com/WS-Security-question%3A-client-wrong-password-triggers-no-exception-in-server-tp14586686p14586686.html
Sent from the cxf-user mailing list archive at Nabble.com.
