This is definitely a question for the Xwss folks. If you are calling the Xwss stuff, CXF isn't really involved here.
Dan On Tue February 10 2009 12:52:33 pm Kid_79 wrote: > Hi all, > I'm trying an example with xwss and cxf on server side for username token. > I have this configuration: > > wss-server-config.xml > <xwss:SecurityConfiguration > xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"; dumpMessages="true"> > <xwss:RequireUsernameToken passwordDigestRequired="false" > nonceRequired="false"/> > </xwss:SecurityConfiguration> > > my beans.xml is: > > <jaxws:endpoint id="orderProcess" implementor="demo.order.OrderProcessImpl" > address="/OrderProcess" > > <jaxws:inInterceptors> > <ref bean="wsSecurityInterceptor"/> > </jaxws:inInterceptors> > </jaxws:endpoint> > > .... > > <bean id="wsSecurityInterceptor" > class="com.mypackage.interceptor.server.XwssInInterceptor"> > <property name="policyConfiguration" > value="/WEB-INF/wss-server-config.xml" /> > <property name="callbackHandlers"> > <list> > <ref bean="passwordValidationHandler" /> > </list> > </property> > </bean> > > <bean id="passwordValidationHandler" > class="com.mypackage.callback.SimplePasswordValidationCallbackHandler"> > <property name="users"> > <props> > <prop key="user">password</prop> > </props> > </property> > </bean> > > > where wsSecurityInterceptor and passwordValidationHandler are my > implentation! > > SimplePasswordValidationCallbackHandler class extends > AbstractCallbackHandler and AbstractCallbackHandler implements > CallbackHandler (javax.security.auth.callback.CallbackHandler) > while XwssInInterceptor class extends AbstractPhaseInterceptor (because cxf > implements this interceptor) > > Now when I have an request from client as: > ... > <soapenv:Header> > <wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur >ity-secext-1.0.xsd" soapenv:mustUnderstand="1"> > <wsse:UsernameToken > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri >ty-utility-1.0.xsd" wsu:Id="username"> > <wsse:Username>prova</wsse:Username> > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-toke >n-profile-1.0#PasswordText"> password > </wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soapenv:Header> > ... > > in the handleInternal(Callback callback) method of > SimplePasswordValidationCallbackHandler class I have this callback param: > com.sun.xml.wss.impl.callback.SignatureKeyCallback > while I'm thinking that callback param is: > com.sun.xml.wss.impl.callback.PasswordValidationCallback for handle a > username and password. > > Where is wrong? > Can you help me? -- Daniel Kulp [email protected] http://www.dankulp.com/blog
