RE: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Thu, 11 Jun 2009 04:04:25 -0700 

Hi Remy
Username, Timestamp, Signature seems to work for me using the following
config with cxf 2.1.3.1. Maybe this config might help for comparison.

Regards,
Eamonn

In the Client :

    <bean 
        id="SignBodyByAliceOutInterceptor"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        >
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp
Signature"/>
                <entry key="user" value="alice"/>
                <entry key="signaturePropFile"
value="alice.properties"/>
                <entry key="passwordCallbackClass"
value="com.test.common.PasswordCallbackHandler"/>
                <entry 
                    key="signatureParts"
 
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.o
rg/soap/envelope/}Body"
                    />
            </map>
        </constructor-arg>
    </bean>


In the Server :

    <bean 
        id="VerifyBodySignedByAliceInInterceptor"
        class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
        >
        <constructor-arg>
            <map>
                <entry key="signaturePropFile"
value="alice.properties"/>            
                <entry key="action" value="UsernameToken Timestamp
Signature"/>
                <entry key="passwordCallbackClass" value="com.test.
common.PasswordCallbackHandler"/>

            </map>
        </constructor-arg>
    </bean>






-----Original Message-----
From: remy2009 [mailto:[email protected]] 
Sent: 11 June 2009 10:36
To: [email protected]
Subject: Re: USERNAME_TOKEN + SIGNATURE gives "General security error
(WSSecurityEngine: No password callback supplied)"


Hi Mark,

Tried the trick with multiple interceptors. Didn't work for me. But
admitted, was some time ago. Wasn't too familiar with cxf yet. You
might
give it a try yourself.

Remy


mhw wrote:
> 
> Remy,
> 
> I just thought of a possible solution. Instead of supplying two
actions to
> the same interceptor, maybe one could create two separate interceptors
-
> one handling the USERNAME_TOKEN, the other handling the SIGNATURE
actions.
> (or in my case, timestamp).
> 
> Did you ever try this?
> 
> --Mark
> 
> 
> 
> 
> remy2009 wrote:
>> 
>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at
the
>> moment. This works for me at the moment but I will probably need
>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>> 
>> Did you happen to try new cxf-2.2.2 version yet?
>> 
>> Remy
>> 
>> 
> 
> 



-- 
View this message in context:
http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-secu
rity-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp
21814109p23978179.html
Sent from the cxf-user mailing list archive at Nabble.com.

Reply via email to