Hi there,

As the subject says, I have problems getting my web service running with
encryption and username token activated. But when I only use encryption,
everything is fine.

Here is my config for the server:

1) cxf.xml:
<jaxws:inInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
                <map>
                        <entry key="action" value="Encrypt UsernameToken" />
                        <entry key="decryptionPropFile" value="server.properties" />
                        <entry key="passwordCallbackClass"
                        value="de.sms_stiewi.services.PwCallbackHandler" />
                </map>
        </constructor-arg>
        </bean>
</jaxws:inInterceptors>

2) server.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
org.apache.ws.security.crypto.merlin.keystore.password=serversecret
org.apache.ws.security.crypto.merlin.file=serverkeystore.jks

3) PwCallbackHandler Class:
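import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PwCallbackHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[0];

                // A password is set only when the identifier is "Anonymous"
                if (passwordCallback.getIdentifer().equals("Anonymous")) {
                        passwordCallback.setPassword("secret");
                }
        }
}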


And here is the configuration for the client to test it:

1) Interceptor configuration:
WSS4JOutInterceptor wss4jOutInterceptor = new WSS4JOutInterceptor();
wss4jOutInterceptor.setProperty(WSHandlerConstants.ACTION,
        WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT);
wss4jOutInterceptor.setProperty(WSHandlerConstants.USER, "Anonymous");
wss4jOutInterceptor.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
        "de.sms_stiewi.services.PwCallbackHandler");
wss4jOutInterceptor.setProperty(WSHandlerConstants.ENC_PROP_FILE,
        "client.properties");

2) client.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=clientalias
org.apache.ws.security.crypto.merlin.keystore.password=clientsecret
org.apache.ws.security.crypto.merlin.file=clientkeystore.jks

3) PwCallbackHandler Class:
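import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PwCallbackHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[0];

                // The same password is set for every identifier
                passwordCallback.setPassword("secret");
        }
}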

But if I run the client, I get the following exception:
org.apache.cxf.binding.soap.SoapFault: Security processing failed.
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:234)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:107)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
        at $Proxy46.importiereKlrStammdaten(Unknown Source)
        at de.sms_stiewi.services.MainClient.main(MainClient.java:37)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Encryption)
        at org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.java:65)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:197)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:219)
        ... 8 more

When I only use encryption, I had to set the USER property of the
out-interceptor to the alias in the keystore (e.g. "clientalias"). But when
I do this with UsernameToken activated, I get the following Exception:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: General security error (WSSecurityEngine: Callback supplied no password for: serveralias)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
        at $Proxy46.importiereKlrStammdaten(Unknown Source)
        at de.sms_stiewi.services.MainClient.main(MainClient.java:37)
Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: Callback supplied no password for: serveralias)
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:70)
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:449)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2029)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1865)
        at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
        at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:170)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:593)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
        ... 2 more

If someone can help me, I would be very thankful.

Greetings
Christian
-- 
View this message in context: 
http://www.nabble.com/Problems-using-encryption-together-with-username-token-tp19953282p19953282.html
Sent from the cxf-user mailing list archive at Nabble.com.
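
Added example, not part of the original post and not CXF or WSS4J project code: with the WSS4J 1.5.x API used above, the UsernameToken user and the encryption certificate alias are separate handler properties, and the server-side callback has to answer both the decryption-key request and the token request. Assumptions: "clientalias" is the alias the post reports working for encryption-only, and the class name and the two system property names are hypothetical.

```java
// Added example, not code from the original post. Targets the WSS4J 1.5.x API
// that the post uses (org.apache.ws.security.*, including getIdentifer()).
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

public class UsernameTokenWithEncryption {

    // Client side: USER names the token user, ENCRYPTION_USER the certificate alias.
    public static WSS4JOutInterceptor clientOutInterceptor() {
        WSS4JOutInterceptor out = new WSS4JOutInterceptor();
        out.setProperty(WSHandlerConstants.ACTION,
                WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT);
        out.setProperty(WSHandlerConstants.USER, "Anonymous");
        // Assumption: the alias the post reports working for encryption-only.
        out.setProperty(WSHandlerConstants.ENCRYPTION_USER, "clientalias");
        out.setProperty(WSHandlerConstants.ENC_PROP_FILE, "client.properties");
        out.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
                "de.sms_stiewi.services.PwCallbackHandler");
        return out;
    }

    // Server side: dispatch on the callback usage as well as on the identifier.
    public static class ServerPwCallbackHandler implements CallbackHandler {
        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                String id = pc.getIdentifer();
                if (pc.getUsage() == WSPasswordCallback.DECRYPT && "serveralias".equals(id)) {
                    // Private-key password; hypothetical property name.
                    pc.setPassword(System.getProperty("demo.server.key.password"));
                } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
                        && "Anonymous".equals(id)) {
                    // Token password WSS4J compares against; hypothetical property name.
                    pc.setPassword(System.getProperty("demo.token.password"));
                }
                // Every other identifier or usage is left without a password.
            }
        }
    }
}
```

Reading the passwords from configuration instead of hard-coding them keeps the key password out of the source tree; a plaintext (non-digest) token arrives with usage USERNAME_TOKEN_UNKNOWN and would need its own branch.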
