Thanks Eamonn,
Must give this a try in the next few days.
Have to adapt for my code though, don't use the bean stuff myself, set the
interceptors with annotations in the code. Still should be able to use your
stuff. E.g. I didn't set "signatureParts". Is this mandatory?
Remy
Eamonn Dwyer wrote:
>
> Hi Remy
> Username, Timestamp, Signature seems to work for me using the following
> config with cxf 2.1.3.1. Maybe this config might help for comparison.
>
> Regards,
> Eamonn
>
> In the Client :
>
> <bean
> id="SignBodyByAliceOutInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
> >
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp
> Signature"/>
> <entry key="user" value="alice"/>
> <entry key="signaturePropFile"
> value="alice.properties"/>
> <entry key="passwordCallbackClass"
> value="com.test.common.PasswordCallbackHandler"/>
> <entry
> key="signatureParts"
>
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
> -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.o
> rg/soap/envelope/}Body"
> />
> </map>
> </constructor-arg>
> </bean>
>
>
> In the Server :
>
> <bean
> id="VerifyBodySignedByAliceInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
> >
> <constructor-arg>
> <map>
> <entry key="signaturePropFile"
> value="alice.properties"/>
> <entry key="action" value="UsernameToken Timestamp
> Signature"/>
> <entry key="passwordCallbackClass" value="com.test.
> common.PasswordCallbackHandler"/>
>
> </map>
> </constructor-arg>
> </bean>
>
>
>
>
>
>
> -----Original Message-----
> From: remy2009 [mailto:[email protected]]
> Sent: 11 June 2009 10:36
> To: [email protected]
> Subject: Re: USERNAME_TOKEN + SIGNATURE gives "General security error
> (WSSecurityEngine: No password callback supplied)"
>
>
> Hi Mark,
>
> Tried the trick with multiple interceptors. Didn't work for me. But
> admitted, was some time ago. Wasn't too familiar with cxf yet. You
> might
> give it a try yourself.
>
> Remy
>
>
> mhw wrote:
>>
>> Remy,
>>
>> I just thought of a possible solution. Instead of supplying two
> actions to
>> the same interceptor, maybe one could create two separate interceptors
> -
>> one handling the USERNAME_TOKEN, the other handling the SIGNATURE
> actions.
>> (or in my case, timestamp).
>>
>> Did you ever try this?
>>
>> --Mark
>>
>>
>>
>>
>> remy2009 wrote:
>>>
>>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at
> the
>>> moment. This works for me at the moment but I will probably need
>>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>>>
>>> Did you happen to try new cxf-2.2.2 version yet?
>>>
>>> Remy
>>>
>>>
>>
>>
>
>
>
> --
> View this message in context:
> http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-secu
> rity-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp
> 21814109p23978179.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
>
--
View this message in context:
http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23979605.html
Sent from the cxf-user mailing list archive at Nabble.com.
