Hi,

We were connecting a CXF client to WCF as described in tutorial "WCF Getting Started Sample Tutorial with Message Security User Name" @ http://msdn.microsoft.com/en-us/library/ms752233.aspx and as reported in a JIRA ticket (for another issue) @ https://issues.apache.org/jira/browse/CXF-2158

We found that WCF was throwing the following exception ...

Cannot find a token authenticator for the
'System.IdentityModel.Tokens.UserNameSecurityToken' token type.
Tokens of that type cannot be accepted according to current
security settings.

which we traced to being related to the WCF service not accepting a UsernameToken in the security header along with the SecurityContextToken sent by the CXF client. CXF was sending both, i.e.

<c:SecurityContextToken xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        u:Id="uuid-b7c16c8a-9816-4422-ac82-39ebbc64ae9e00">
        <c:Identifier>urn:uuid:1bfddc0c-944d-4c6b-99f9-9a1aa49f5700</c:Identifier>
</c:SecurityContextToken>
<wsse:UsernameToken
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="UsernameToken-253884022">
        <wsse:Username>BART\myname</wsse:Username>
        <wsse:Password
                Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>

Is there a way to configure the CXF client to only include the UsernameToken once?

The workaround we applied was to create the following extension to the WSS4JOutInterceptor:

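import java.util.Map;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

// Runs the WSS4J outbound processing only for the first message that
// passes through this interceptor instance; later messages skip it.
public class JustOnceWSS4JOutInterceptor extends WSS4JOutInterceptor {
        // Number of outbound messages this instance has seen (not synchronized)
        int count = 0;

        /**
        * @param outProps WSS4J configuration properties passed to WSS4JOutInterceptor
        */
        public JustOnceWSS4JOutInterceptor(Map<String, Object> outProps) {
                super(outProps);
        }

        @Override
        public void handleMessage(SoapMessage mc) throws Fault {
                // Only the first message gets the WS-Security processing
                if (count == 0) {
                        super.handleMessage(mc);
                }
                count++;
        }
}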

although I'm sure there's a better way of doing this.

Ian

--
Ian Homer | http://blog.bemoko.com
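
An added example, not part of the original message and not CXF or WCF code: a small check over a captured wsse:Security header that reports the condition described above, a UsernameToken travelling alongside a SecurityContextToken, and whether its password is typed PasswordText. The sample headers, placeholder credentials and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# Constructed sample tokens (placeholder ids and credentials), not real captures.
SCT = (f'<c:SecurityContextToken xmlns:c="{WSC}">'
       '<c:Identifier>urn:uuid:00000000-0000-0000-0000-000000000000</c:Identifier>'
       '</c:SecurityContextToken>')
UNT = ('<wsse:UsernameToken><wsse:Username>EXAMPLE\\user</wsse:Username>'
       f'<wsse:Password Type="{PASSWORD_TEXT}">placeholder</wsse:Password>'
       '</wsse:UsernameToken>')


def wrap(*tokens):
    """Build a wsse:Security header around the given token fragments."""
    return f'<wsse:Security xmlns:wsse="{WSSE}">' + "".join(tokens) + "</wsse:Security>"


HEADER_BOTH = wrap(SCT, UNT)   # the combination shown in the message above
HEADER_SCT_ONLY = wrap(SCT)    # session token only


def audit_security_header(xml_text):
    """Return a list of findings for one captured wsse:Security header.

    Meant for captures you produced yourself; use a hardened parser such
    as defusedxml for XML that comes from an untrusted source.
    """
    root = ET.fromstring(xml_text)
    tag = f"{{{WSSE}}}Security"
    # Accept either the bare header or a whole SOAP envelope containing it.
    header = root if root.tag == tag else root.find(f".//{tag}")
    if header is None:
        raise ValueError("no wsse:Security header found")
    has_sct = header.find(f"{{{WSC}}}SecurityContextToken") is not None
    findings = []
    for unt in header.findall(f"{{{WSSE}}}UsernameToken"):
        if has_sct:
            findings.append("UsernameToken sent alongside SecurityContextToken")
        pw = unt.find(f"{{{WSSE}}}Password")
        # strip() tolerates stray whitespace in the Type attribute of a pasted capture
        if pw is not None and pw.get("Type", "").strip() == PASSWORD_TEXT:
            findings.append("password carried as PasswordText")
    return findings


if __name__ == "__main__":
    for name, hdr in (("both", HEADER_BOTH), ("sct-only", HEADER_SCT_ONLY)):
        print(name, audit_security_header(hdr))
```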





