*Ask an expert a question, please comment:*
*I'm using CXF3.0.1, WS-context.XML on the server side configuration is as follows: * <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd";> <import resource="classpath:META-INF/cxf/cxf.xml" /> <jaxws:endpoint id="iproviderconnector" address="/iproviderconnector" implementor="com.dcfs.payment.mb.ws.adapter.iproviderconnectorSOAPImpl"> <jaxws:inInterceptors> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="passwordCallbackClass" value="com.dcfs.payment.mb.ws.security.WsAuthHandler" /> </map> </constructor-arg> </bean> </jaxws:inInterceptors> </jaxws:endpoint> </beans> *Server-side callback class:* import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.cxf.interceptor.Fault; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.xmlbeans.impl.soap.SOAPException; public class WsAuthHandler implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { String ws_pwd = "test"; String ws_user = "test"; for (int i = 0; i < callbacks.length; i++) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; String identifier = pc.getIdentifier(); String pwd = pc.getPassword(); int usage = pc.getUsage(); if(ws_user.equals(identifier)){ if (usage == WSPasswordCallback.USERNAME_TOKEN) { pc.setPassword(ws_pwd); } else if (usage == WSPasswordCallback.SIGNATURE) { pc.setPassword(ws_pwd); } } } } } *Server-side service class as follows * public class TestServer { TestServer(String args){ Iproviderconnector ews = new iproviderconnectorSOAPImpl(); JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean(); factory.setServiceClass(Iproviderconnector.class); factory.setAddress("http://localhost:9000/Iproviderconnector";); factory.setServiceBean(ews); factory.create(); } public static void main(String[] args)throws InterruptedException{ new TestServer("Iproviderconnector"); System.out.println("Server ready..."); Thread.sleep(1000*60); System.out.println("Server exit..."); System.exit(0); } } * Use the weblogic11g, client access, and WebLogic error, as follows: * 2014-12-18 16:09:26 org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging WARNING: Interceptor for {http://adapter.ws.mb.payment.dcfs.com/}IproviderconnectorService#{http://adapter.ws.mb.payment.dcfs.com/}doCommon has thrown exception, unwinding now Throwable occurred: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood. at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281) at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261) at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:957) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) at java.lang.Thread.run(Thread.java:738) *Please help Best wishes * -- View this message in context: http://cxf.547215.n5.nabble.com/CXF3-Server-side-token-validation-issues-tp5752544.html Sent from the cxf-dev mailing list archive at Nabble.com.
