Hi On Thu, Feb 3, 2011 at 6:37 AM, Anand R <[email protected]> wrote:
> Hi, > > My requirement is to perform a custom authentication on the username and > password that I receive as part of the UsernameToken header in the > incoming SOAP request. I discovered that cxf-2.3.2 provides an > AbstractUsernameTokenInInterceptor to perform this. I extended this class > and created my interceptor that overrides the createSubject method. When I > configure my interceptor in my beans.xml as shown below, I am getting an > exception. > > This exception comes up when I use a password digest. The plain text > password works fine. Is there any problem in the way I have configured my > interceptor? > > > Entry in beans.xml > > <jaxws:endpoint id="echo" > implementor="learn.wssecurity.echo.EchoServiceImpl" > wsdlLocation="wsdl/echo/EchoService.wsdl" > address="/EchoService"> > <jaxws:inInterceptors> > <bean > class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/> > </jaxws:inInterceptors> > <jaxws:properties> > <entry key="ws-security.callback-handler" > value="learn.wssecurity.echo.ServerPasswordCallback" /> > <entry key="ws-security.ut.no-callbacks" > value="true" /> > </jaxws:properties> > </jaxws:endpoint> > > What is the purpose of registering ServerPasswordCallback ? If you set a "ws-security.ut.no-callbacks" property then you only need a callback if you have an encrypted UT, so that the UT can be decrypted. So this callback that you're registering may be interfering in the case when you have a hashed UT token, can you remove it please and see what happens ? Cheers, Sergey > > Exception > > java.lang.SecurityException: Security Token is not available on the > current message > at > > org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java: > 88) > at > > org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255) > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113) > at > > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97) > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461) > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188) > at > > org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445) > at java.lang.Thread.run(Thread.java:595) > > Thanks and regards, > Anand R > > > > > > > > DISCLAIMER: > > "The information in this e-mail and any attachment is intended only for > the person to whom it is addressed and may contain confidential and/or > privileged material. If you have received this e-mail in error, kindly > contact the sender and destroy all copies of the original communication. > IBS makes no warranty, express or implied, nor guarantees the accuracy, > adequacy or completeness of the information contained in this email or any > attachment and is not liable for any errors, defects, omissions, viruses > or for resultant loss or damage, if any, direct or indirect." > > > > >
