Configuring Xwss and CXF on server side for username token

Tue, 10 Feb 2009 09:53:06 -0800 

Hi all, 
I'm trying an example with xwss and cxf on server side for username token. I
have this configuration:

wss-server-config.xml 
<xwss:SecurityConfiguration
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"; dumpMessages="true">
   <xwss:RequireUsernameToken passwordDigestRequired="false"
nonceRequired="false"/>
</xwss:SecurityConfiguration>

my beans.xml is:

<jaxws:endpoint id="orderProcess" implementor="demo.order.OrderProcessImpl" 
        address="/OrderProcess" >
        <jaxws:inInterceptors>
              <ref bean="wsSecurityInterceptor"/>
         </jaxws:inInterceptors>
</jaxws:endpoint> 

....

<bean id="wsSecurityInterceptor"
class="com.mypackage.interceptor.server.XwssInInterceptor">
        <property name="policyConfiguration" 
value="/WEB-INF/wss-server-config.xml"
/>
        <property name="callbackHandlers">
           <list>
               <ref bean="passwordValidationHandler" />
           </list>
        </property>
</bean>

<bean id="passwordValidationHandler"
class="com.mypackage.callback.SimplePasswordValidationCallbackHandler">
        <property name="users">
               <props>
                <prop key="user">password</prop>
               </props>
        </property>
</bean>


where wsSecurityInterceptor and passwordValidationHandler are my
implentation!

SimplePasswordValidationCallbackHandler class extends
AbstractCallbackHandler and AbstractCallbackHandler implements
CallbackHandler (javax.security.auth.callback.CallbackHandler)
while XwssInInterceptor class extends AbstractPhaseInterceptor (because cxf
implements this interceptor) 

Now when I have an request from client as:
...
<soapenv:Header>
                <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1">
                        <wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="username">
                                <wsse:Username>prova</wsse:Username>
                                <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>
                                        password
                                </wsse:Password>
                        </wsse:UsernameToken>
                </wsse:Security>
        </soapenv:Header>
...

in the handleInternal(Callback callback) method of
SimplePasswordValidationCallbackHandler class I have this callback param:
com.sun.xml.wss.impl.callback.SignatureKeyCallback
while I'm thinking that callback param is:
com.sun.xml.wss.impl.callback.PasswordValidationCallback for handle a
username and password.

Where is wrong?
Can you help me?




-- 
View this message in context: 
http://www.nabble.com/Configuring-Xwss-and-CXF-on-server-side-for-username-token-tp21939026p21939026.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Reply via email to