Re: [soap:Fault] pwd == null but a password is needed

David Jencks Sun, 26 Jul 2009 16:36:28 -0700

I chatted with Rahul on IRC a bit, and it looks to me as if his codeis doing what cxf and wss4j expect.

I think the next step is to figure out exactly where the fault iscoming from.

I would grep the cxf and wss4j source code for "but a password isneeded". If that doesn't find the source I would run geronimo in thedebugger and put a breakpoint at the end of the handle(CallbackHandlerhandler) method and step through the code.


I also wonder if the fault is from the WSS4jOutInterceptor.

thanks
david jencks

On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:

Just one amendment here in my speculation about the fault cause.

I wrote this in the previous thread,
"but I dont know why I am getting this error pwd == null but apassword is needed at pwcb.setPassword(passwd);"
Now, i dont think this fault is coming from here
pwcb.setPassword(passwd);
as I have tested it by removing the following code to be sure aboutthe fault
  if (!pwcb.getPassword().equals(passwd)) {
                    LOG.debug("wrong password");
                    throw new IOException("wrong password");
                } else {
LOG.debug("I am setting the passwordhere ::::" + passwd);
                    pwcb.setPassword(passwd);
                }
from ServerPasswordHandler and I still have the same fault error inthe response.
Please correct me if I am wrong somewhere. I am not sure where thisfault come from?
Thank you.

Best Regards,
Rahul
On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa<[email protected]> wrote:
Hello David/Devs,

Objective: trying to set web service security at serverside:
I am getting an error while accessing the secured webservice. Thesoap fault I am receiving is below:
Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>pwd == null but a password is needed</faultstring></soap:Fault></soap:Body></soap:Envelope>
Request:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">system</wsse:Username><wsse:Password xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><add xmlns="http://jws.samples.geronimo.apache.org"><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
How I am trying to do is,
1. At, server side (in the doPublish method of CXFEndpoint), I amsetting the WSS4JIn/OutInterceptor property for user token (pleasenote: this is not generic code at this moment)
 protected void doPublish(String baseAddress) {
// XXX: assume port 8080 by default since we don't know theactual port
        // at startup
String address = (baseAddress == null) ? "http://localhost:8080"
                : baseAddress;
JaxWsServerFactoryBean svrFactory = newGeronimoJaxWsServerFactoryBean();
        svrFactory.setBus(bus);
        svrFactory.setAddress(address + this.portInfo.getLocation());
        svrFactory.setServiceFactory(serviceFactory);
        svrFactory.setStart(false);
        svrFactory.setServiceBean(implementor);
if(HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType())) {svrFactory.setTransportId("http://cxf.apache.org/bindings/xformat");
        }

       // to receive the incoming username/password in soap request
        Map inProps = new HashMap();
        inProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE,WSConstants.PW_TEXT);
        inProps.put(WSHandlerConstants.USER, "system");
        inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
                new ServerPasswordHandler());

        server = svrFactory.create();
        // to receive the secure header
        WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
       // to send the secure soap header
       WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
        init();

        org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();

        endpoint.getInInterceptors().add(wssIn);
        endpoint.getInInterceptors().add(
neworg.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
        endpoint.getOutInterceptors().add(wssOut);
        endpoint.getOutInterceptors().add(
neworg.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
        LOG.debug("So far set the interceptor");
//

        if (getBinding() instanceof SOAPBinding
                && this.portInfo.isMTOMEnabled() != null) {
            ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
                    .isMTOMEnabled());
        }

        server.start();
        LOG.debug("Invoked");

    }
I am setting up the login authentication and setting the password inthe Server Handler, like following:
public class ServerPasswordHandler implements CallbackHandler {

    private static final Logger LOG = LoggerFactory
            .getLogger(ServerPasswordHandler.class);

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {

        for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];if (pwcb.getUsage() ==WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                LOG.debug("I am inside the ServerPasswordHandler");
                String username = pwcb.getIdentifier();
                String passwd = pwcb.getPassword();

                LoginContext context = null;
                try {
                    // Login authentication goes here
// use the existing security realm for themoment for testing
                    context = ContextManager.login("geronimo-admin",
newUsernamePasswordCallbackHandler(username,
                                    passwd));
                    // ContextManager.login(realm, callbackHandler,
                    // configuration)
                    context.login();
                    LOG.debug("login is successful");
                } catch (LoginException e) {
                    LOG.debug("login failed");
throw new IOException("Unable to verify " +username
                            + " and " + passwd);
                }

                //TODO: what to do with subject
                Subject subject = context.getSubject();
                ContextManager.setCallers(subject, subject);

                    if (!pwcb.getPassword().equals(passwd)) {
                        LOG.debug("wrong password");
                        throw new IOException("wrong password");
                    } else {
LOG.debug("I am setting the passwordhere ::::"
                                + passwd);
                        pwcb.setPassword(passwd);
                    }

            }

        }
    }

}
In the traces, I can see the password value is "manager" which issent by client
I am setting the password here   ::::manager
but I dont know why I am getting this error pwd == null but apassword is needed at pwcb.setPassword(passwd);
Login authentication goes sucessful when the client provides thecorrect username and password (which are "system and "manager"respectively). and goes unsuccessful otherwise.
The full trace from the geronimo.log is attached here: (there aresome debug statement to see the traces )
2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializingservice with: file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/CalculatorService.wsdl {http://jws.samples.geronimo.apache.org}Calculator2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set addressproperty: http://localhost:8080/GerominoWeb/calculator2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Usernameand password sent by Clients are : system manager2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THEVALUES system and manager2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am insidethe ServerPasswordHandler2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHATI GOT HERE: system and manager2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]Username set to: system2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]password set to: manager2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHATI GOT HERE: system and manager2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]Username set to: system2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]password set to: manager2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login issuccessful2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am settingthe password here ::::manager2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptorhas thrown exception, unwinding now pwd == null but a password isneeded
2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
javax.xml.ws.soap.SOAPFaultException: pwd == null but a password isneededatorg.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
    at $Proxy67.add(Unknown Source)
    at CalculatorServlet.doGet(CalculatorServlet.java:42)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
atorg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)atorg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:435)atorg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:118)atorg.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:179)atorg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:928)atorg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370)atorg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:862)atorg.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(GeronimoWebAppContext.java:107)atorg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:116)atorg.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:243)atorg.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)atorg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:115)
    at org.eclipse.jetty.server.Server.handle(Server.java:337)
atorg.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:561)at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:943)at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530)atorg.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)atorg.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414)atorg.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:437)
    at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
at org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but apassword is neededatorg.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)atorg.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)atorg.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)atorg.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)atorg.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)atorg.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)atorg.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)atorg.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102)at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1980)at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1905)atorg.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)atorg.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)atorg.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
atorg.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)atorg.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
    ... 28 more
Can you please let me know or correct me, why this is happening?, Ithink if password is set correctly in the pwcb.setPassword(passwd);then client should be able to access the secure web service. I amgetting the correct password "manager" (as seen in the logs) andsetting the same but I dont know why I am getting this fault.
Second thing is, I am not sure what to do with subject?
Am I missing something in the above code? Please correct me and helpme in this.
Many Thanks in advance for your response.

Regards,
Rahul

Re: [soap:Fault] pwd == null but a password is needed

Reply via email to