Willem Salembier created CXF-6400:
-------------------------------------
Summary: Make ws-security.callback-handler optional for generating
a WS-Security signature
Key: CXF-6400
URL: https://issues.apache.org/jira/browse/CXF-6400
Project: CXF
Issue Type: Improvement
Components: WS-* Components
Affects Versions: 2.7.16
Reporter: Willem Salembier
In AbstractBindingBuilder the presence of a callbackhandler is required to
generate a signature. If not a PolicyException is generated.
{code}
Caused by: org.apache.cxf.ws.policy.PolicyException: No callback handler and no
password available
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getPassword(AbstractBindingBuilder.java:1003)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1832)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)
{code}
https://github.com/apache/cxf/blob/71e20b4f5b918005055589b47e40f37733721676/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java#L931
With the addition of the property
{{org.apache.ws.security.crypto.merlin.keystore.private.password}} in wss4j, a
callbackhandler to retrieve the private key password isn't strictly necessary
anymore. Can CXF be adapted in this way?
Currently we define an empty callbackhandler just to satisfy CXF
{code}
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
