[jira] [Commented] (CXF-7677) With CXF 3.2.1, using UsernameToken, cannot receive password in callback

Mon, 12 Mar 2018 15:13:18 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-7677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16396149#comment-16396149
 ] 

Sumeet Mahajan commented on CXF-7677:
-------------------------------------

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.wss4j.common.ext.WSPasswordCallback;

import 
sungard.expert.exception.webservices.planParticipant.WebServiceRuntimeException;
import sungard.expert.webservices.planParticipant.Authenticator;

public class Relius360ServerPasswordCallback implements CallbackHandler {
 
 @Override
 public void handle(Callback[] callbacks) throws IOException, 
UnsupportedCallbackException {
 
 WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
 String loginName = pc.getIdentifier(); 
 String password = pc.getPassword();
 boolean authenticated = Authenticator.authenticate(loginName, password);
 if (!authenticated){
 throw new WebServiceRuntimeException("Invalid UserName or Password!"); 
 }
 }

}

> With CXF 3.2.1, using UsernameToken, cannot receive password in callback
> ------------------------------------------------------------------------
>
>                 Key: CXF-7677
>                 URL: https://issues.apache.org/jira/browse/CXF-7677
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.2.1
>         Environment: Java 8.
> CXF 3.2.1
> wss4j-2.1.jar
> xmlsec-2.1.0.jar
>            Reporter: Sumeet Mahajan
>            Priority: Critical
>         Attachments: soap-request.xml
>
>
> I am attaching my SOAP request.
> It has SOAP Header with usernametoken which also has username and password in 
> plain text.
> I wrote a CallbackHandler to receive this username and password on server.
> I used to get the username and password in cxf 2.7.6 in my callbackhandler. 
> Whereas in cxf 3.2.1 I am no longer getting password. Its coming in as null. 
> I did follow the new classes (WSPasswordCallback) and changed the package etc.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to