Hi Remy
I don't believe that the signatureParts is mandatory and if it's not set
then it defaults to signing the body. But this is based on a read of the
comments in org.apache.ws.security.handler.WSHandler.java

/*
         * If after all the parsing no Signature parts defined, set here a
         * default set. This is necessary because we add SignatureConfirmation
         * and therefore the default (Body) must be set here. The default setting
         * in WSSignEnvelope doesn't work because the vector is not empty anymore.
         */

Good luck,
Eamonn


-----Original Message-----
From: remy2009 [mailto:[email protected]] 
Sent: 11 June 2009 12:35
To: [email protected]
Subject: RE: USERNAME_TOKEN + SIGNATURE gives "General security error
(WSSecurityEngine: No password callback supplied)"


Thanks Eamonn,

Must give this a try in the next few days.
Have to adapt for my code though, don't use the bean stuff myself, set the
interceptors with annotations in the code. Still should be able to use your
stuff. E.g. I didn't set "signatureParts". Is this mandatory?


Remy


Eamonn Dwyer wrote:
> 
> Hi Remy
> Username, Timestamp, Signature seems to work for me using the following
> config with cxf 2.1.3.1. Maybe this config might help for comparison.
> 
> Regards,
> Eamonn
> 
> In the Client :
> 
>     <bean
>         id="SignBodyByAliceOutInterceptor"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
>         >
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="UsernameToken Timestamp Signature"/>
>                 <entry key="user" value="alice"/>
>                 <entry key="signaturePropFile" value="alice.properties"/>
>                 <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
>                 <entry
>                     key="signatureParts"
>                     value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
>                     />
>             </map>
>         </constructor-arg>
>     </bean>
> 
> 
> In the Server :
> 
>     <bean
>         id="VerifyBodySignedByAliceInInterceptor"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
>         >
>         <constructor-arg>
>             <map>
>                 <entry key="signaturePropFile" value="alice.properties"/>
>                 <entry key="action" value="UsernameToken Timestamp Signature"/>
>                 <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
>             </map>
>         </constructor-arg>
>     </bean>
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: remy2009 [mailto:[email protected]] 
> Sent: 11 June 2009 10:36
> To: [email protected]
> Subject: Re: USERNAME_TOKEN + SIGNATURE gives "General security error
> (WSSecurityEngine: No password callback supplied)"
> 
> 
> Hi Mark,
> 
> Tried the trick with multiple interceptors. Didn't work for me. But
> admitted, was some time ago. Wasn't too familiar with cxf yet. You might
> give it a try yourself.
> 
> Remy
> 
> 
> mhw wrote:
>> 
>> Remy,
>> 
>> I just thought of a possible solution. Instead of supplying two actions to
>> the same interceptor, maybe one could create two separate interceptors -
>> one handling the USERNAME_TOKEN, the other handling the SIGNATURE actions.
>> (or in my case, timestamp).
>> 
>> Did you ever try this?
>> 
>> --Mark
>> 
>> 
>> 
>> 
>> remy2009 wrote:
>>> 
>>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
>>> moment. This works for me at the moment but I will probably need
>>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>>> 
>>> Did you happen to try new cxf-2.2.2 version yet?
>>> 
>>> Remy
>>> 
>>> 
>> 
>> 
> 
> 
> 
> -- 
> View this message in context:
> http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23978179.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context:
http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23979605.html
Sent from the cxf-user mailing list archive at Nabble.com.
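
The client configuration discussed in this thread, set up in code rather than through Spring beans, as an added example that is not from the thread or from the CXF project. It sets the same properties as the client bean above and shows a callback handler of the kind `passwordCallbackClass` names. The class names and environment variable names are hypothetical, and the WSS4J 1.5.x API is assumed.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;
public class SignedUsernameTokenClient { // hypothetical class name
    static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** The client bean's properties from the thread, set in code instead of Spring XML. */
    public static WSS4JOutInterceptor buildOutInterceptor() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature");
        props.put(WSHandlerConstants.USER, "alice");
        props.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
        props.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswords.class.getName());
        // Named explicitly: with no signatureParts only the Body is signed (per the
        // WSHandler comment quoted in the thread), leaving the Timestamp uncovered.
        props.put(WSHandlerConstants.SIGNATURE_PARTS,
                "{Element}{" + WSU_NS + "}Timestamp;{Element}{" + SOAP_NS + "}Body");
        return new WSS4JOutInterceptor(props);
    }
    /** One handler serves both the UsernameToken password and the signing-key password. */
    public static class ClientPasswords implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                // The usage says which secret is wanted; variable names are hypothetical.
                String var = pc.getUsage() == WSPasswordCallback.SIGNATURE ? "ALICE_KEY_PASSWORD"
                        : pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN ? "ALICE_UT_PASSWORD" : null;
                String secret = (var == null) ? null : System.getenv(var);
                // getIdentifer() is the spelling used by WSS4J 1.5.x.
                if (secret == null || !"alice".equals(pc.getIdentifer())) {
                    throw new IOException("no password available for " + pc.getIdentifer());
                }
                pc.setPassword(secret);
            }
        }
    }
}
```

The interceptor is attached to a client proxy with `ClientProxy.getClient(port).getOutInterceptors().add(SignedUsernameTokenClient.buildOutInterceptor())`, where `port` stands for the generated service proxy.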

