Hi,
My requirement is to perform a custom authentication on the username and
password that I receive as part of the UsernameToken header in the
incoming SOAP request. I discovered that cxf-2.3.2 provides an
AbstractUsernameTokenInInterceptor to perform this. I extended this class
and created my interceptor that overrides the createSubject method. When I
configure my interceptor in my beans.xml as shown below, I am getting an
exception.
This exception comes up when I use a password digest. The plain text
password works fine. Is there any problem in the way I have configured my
interceptor?
Entry in beans.xml
<jaxws:endpoint id="echo"
                implementor="learn.wssecurity.echo.EchoServiceImpl"
                wsdlLocation="wsdl/echo/EchoService.wsdl"
                address="/EchoService">
    <jaxws:inInterceptors>
        <bean class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/>
    </jaxws:inInterceptors>
    <jaxws:properties>
        <entry key="ws-security.callback-handler"
               value="learn.wssecurity.echo.ServerPasswordCallback"/>
        <entry key="ws-security.ut.no-callbacks"
               value="true"/>
    </jaxws:properties>
</jaxws:endpoint>
Exception
java.lang.SecurityException: Security Token is not available on the current message
    at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java:88)
    at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
    at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
    at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
    at java.lang.Thread.run(Thread.java:595)
Thanks and regards,
Anand R