Web Security works for my example A, using JAX-WS Frontend / JAXB binding.
If client sets the wrong password, server will return "Security processing
failed." to the client.
Now I want to add WebSecurity to another example B, using Simple Frontend /
Aegis binding.
I use the same ServerPasswordCallback & ClientPasswordCallback as in example
A.
My xml is like this:
<simple:server id="helloWorld" serviceClass="demo.spring.HelloWorld"
address="/ServerEndPoint">
<simple:dataBinding>
<bean class="org.apache.cxf.aegis.databinding.AegisDatabinding" />
</simple:dataBinding>
<simple:serviceBean>
<bean class="demo.spring.HelloWorldImpl" />
</simple:serviceBean>
<simple:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<!-- constructor-arg -->
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType"
value="PasswordDigest" />
<entry key="passwordCallbackClass"
value="demo.spring.security.ServerPasswordCallback"/>
</map>
<!-- constructor-arg -->
</property>
</bean>
</simple:inInterceptors>
</simple:server>
If client sets the password right, everything is fine. But if client sets
the wrong password,
server tomcat will have the following exception. And because of it, the
client doesn't receive any response,
and the client will have something like
Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]
///////tomcat CXF server exception
INFO: Interceptor has thrown exception, unwinding now
java.lang.NullPointerException
at
org.apache.cxf.interceptor.FaultOutInterceptor.getFaultForClass(FaultOutInterceptor.java:
128)
at
org.apache.cxf.interceptor.FaultOutInterceptor.handleMessage(FaultOutInterceptor.java:61)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultCha
inInitiatorObserver.java:90)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:224)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:7
3)
at
org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.ja
va:256)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
ava:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja
va:584)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
What's working for JAX-WS Frontend / JAXB binding does not work for Simple
Frontend / Aegis binding.
Is there anything wrong with my xml? How to fix it?
--
View this message in context:
http://www.nabble.com/WebSecurity-error-when-using-Simple-Frontend---Aegis-binding-tp15277618p15277618.html
Sent from the cxf-user mailing list archive at Nabble.com.
