Guys,
I am working with ws-security and I see strange things happening.
The soap header is signed and has a time stamp.
In my SecurityCallbackHandler I log a message when entering the handle() method.
This handler is used both for checking the request message signature/timestamp
and for signing and timestamping the response.
Now the strange thing is that I do see my logging when the response is being processed.
But when the request comes in I see no logging from my SecurityCallbackHandler.
Looks like that code is never touched.
What do I do wrong?
My config is:

<bean id="afleverServiceImpl"
      class="nl.vrom.afleverservice.service.impl.AfleverServiceImpl">
    <property name="businessService" ref="afleverBusinessService" />
</bean>

<jaxws:endpoint id="afleverService" implementor="#afleverServiceImpl"
                address="/afleverservice" wsdlLocation="wsdl/AfleverService.wsdl">
    <jaxws:properties>
        <entry key="schema-validation-enabled" value="true" />
    </jaxws:properties>
    <jaxws:inInterceptors>
        <ref bean="TimestampSign_Request"/>
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
        <ref bean="TimestampSign_Response"/>
    </jaxws:outInterceptors>
</jaxws:endpoint>

<bean id="TimestampSign_Request"
      class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="Timestamp Signature"/>
            <entry key="signaturePropFile"
                   value="serviceKeystore.properties"/>
            <entry key="passwordCallbackClass"
                   value="nl.vrom.afleverservice.security.SecurityCallbackHandler"/>
        </map>
    </constructor-arg>
</bean>

<!--
    WSS4JOutInterceptor for encoding and signing the SOAP response.
-->
<bean id="TimestampSign_Response"
      class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="Timestamp Signature"/>
            <entry key="user" value="afleverservicetstkey"/>
            <!--entry key="user" value="myservicekey"/-->
            <entry key="signaturePropFile"
                   value="serviceKeystore.properties"/>
            <entry key="passwordCallbackClass"
                   value="nl.vrom.afleverservice.security.SecurityCallbackHandler"/>
            <entry key="signatureParts"
                   value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
        </map>
    </constructor-arg>
</bean>
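My SecurityCallbackHandler code is:

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger; // assumed: the post does not show which Logger class is used

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback; // assumed: WSS4J 1.x package name
// Config is the poster's own class (not shown in the post).

public class SecurityCallbackHandler implements CallbackHandler {

    static Logger logger = Logger.getLogger("SecurityCallbackHandler");

    private Map<String, String> passwords = new HashMap<String, String>();

    public SecurityCallbackHandler() {
    }

    /**
     * Process the callbacks for signing the message. If decryption is also
     * needed at a later stage, this same callback can be used.
     *
     * @param callbacks
     *            The callbacks that must be handled.
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        logger.info("Callback START");
        for (int i = 0; i < callbacks.length; i++) {
            logger.info("callback array contents [" + i + "] = " +
                    callbacks[i].toString());
            // Reject callback types this handler does not know instead of
            // failing with a ClassCastException.
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifier();
            logger.info("Callback HIT [id=" + id + "]");
            switch (pwcb.getUsage()) {
            case WSPasswordCallback.DECRYPT:
            case WSPasswordCallback.SIGNATURE:
                // used to retrieve password for private key
                // TODO
                // if ("myservicekey".equals(id)) {
                if ("digipoorttstkey".equals(id)) {
                    pwcb.setPassword(Config.getServerKeystorePasswd());
                }
                // Log only whether a password was supplied; the keystore
                // password itself must never be written to the log.
                logger.info("ID: " + id + ", password set: "
                        + (pwcb.getPassword() != null));
                break;
            default:
                throw new IOException("Illegal Usage specified in callback.");
            }
        }
        logger.info("Callback END");
    }
}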
Regards
Alex