I set a wrong password when client invoking web service. But I did NOT receive any FAILED_AUTHENTICATION exception in server side. And service is finished and result sent back to client.
I looked into UsernameTokenProcessor.java. It will take the following path without throwing any FAILED_AUTHENTICATION exception. Please help! } else if (cb != null) { WSPasswordCallback pwCb = new WSPasswordCallback(user, password, pwType, WSPasswordCallback.USERNAME_TOKEN_UNKNOWN); callbacks[0] = pwCb; try { cb.handle(callbacks); } catch (IOException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "noPassword", new Object[]{user}); } catch (UnsupportedCallbackException e) { throw new WSSecurityException(WSSecurityException.FAILURE, "noPassword", new Object[]{user}); } } **SeverSide : <entry key="action" value="UsernameToken"/> <entry key="passwordType" value="PasswordText" /> <entry key="passwordCallbackClass" value="demo.spring.security.ServerPasswordCallback"/> public class ServerPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; if(pc.getIdentifer().equals("joe")) { pc.setPassword("password"); } } } **ClientSide: <entry key="action" value="UsernameToken"/> <entry key="user" value="joe" /> <entry key="passwordType" value="PasswordText" /> <entry key="passwordCallbackClass" value="demo.spring.security.ClientPasswordCallback"/> public class ClientPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; if(pc.getIdentifer().equals("joe")) { pc.setPassword("*passwordWrong*"); } } } -- View this message in context: http://www.nabble.com/WS-Security-question%3A-client-wrong-password-triggers-no-exception-in-server-tp14586686p14586686.html Sent from the cxf-user mailing list archive at Nabble.com.