Thanks Sergey. I will try the custom UsernameTokenProcessor.

Thanks and regards,
Anand R

From: Sergey Beryozkin <[email protected]>
To: [email protected]
Date: 03-02-11 04:39 PM
Subject: Re: Problem with AbstractUsernameTokenInInterceptor

Hi

What WS-Security namespace is being used in the request?

If the "ws-security.ut.no-callbacks" is set to true then the
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor should not be
invoked because it does currently require a callback for hashed UTs.
So if the property is set then the WSS4JInInterceptor registers a custom
UsernameTokenProcessor for
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
and "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd".

Thanks, Sergey

On Thu, Feb 3, 2011 at 10:51 AM, Anand R <[email protected]> wrote:

> Hi Sergey,
>
> Thanks for your response. I used to get the following exception when I did
> not configure a callback handler. This exception does not come if the
> password is plain text instead of a digest.
>
> org.apache.cxf.interceptor.Fault: General security error (WSSecurityEngine: No password callback supplied)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:154)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:114)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:72)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
>     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
>     at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
>     at java.lang.Thread.run(Thread.java:595)
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
>     at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:167)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:129)
>     ... 24 more
>
> Thanks and regards,
> Anand R
> System Architect
> IBS Software Services Private Limited
> 2nd Floor - Left Wing, IBS Towers, Technopark Campus, Trivandrum - 695581,
> Kerala, India
> Telephone - +91-471-6614291, Mobile - +91-9846324022
> E-Mail - [email protected], www.ibsplc.com
>
> From: Sergey Beryozkin <[email protected]>
> To: [email protected]
> Date: 03-02-11 04:08 PM
> Subject: Re: Problem with AbstractUsernameTokenInInterceptor
>
> Hi
>
> On Thu, Feb 3, 2011 at 6:37 AM, Anand R <[email protected]> wrote:
>
> > Hi,
> >
> > My requirement is to perform a custom authentication on the username and
> > password that I receive as part of the UsernameToken header in the
> > incoming SOAP request. I discovered that cxf-2.3.2 provides an
> > AbstractUsernameTokenInInterceptor to perform this. I extended this class
> > and created my interceptor that overrides the createSubject method. When I
> > configure my interceptor in my beans.xml as shown below, I am getting an
> > exception.
> >
> > This exception comes up when I use a password digest. The plain text
> > password works fine. Is there any problem in the way I have configured my
> > interceptor?
> >
> > Entry in beans.xml
> >
> > <jaxws:endpoint id="echo"
> >     implementor="learn.wssecurity.echo.EchoServiceImpl"
> >     wsdlLocation="wsdl/echo/EchoService.wsdl"
> >     address="/EchoService">
> >     <jaxws:inInterceptors>
> >         <bean class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/>
> >     </jaxws:inInterceptors>
> >     <jaxws:properties>
> >         <entry key="ws-security.callback-handler"
> >                value="learn.wssecurity.echo.ServerPasswordCallback" />
> >         <entry key="ws-security.ut.no-callbacks"
> >                value="true" />
> >     </jaxws:properties>
> > </jaxws:endpoint>
> >
>
> What is the purpose of registering ServerPasswordCallback? If you set a
> "ws-security.ut.no-callbacks" property then you only need a callback if you
> have an encrypted UT, so that the UT can be decrypted.
> So this callback that you're registering may be interfering in the case when
> you have a hashed UT token, can you remove it please and see what happens?
>
> Cheers, Sergey
>
> > Exception
> >
> > java.lang.SecurityException: Security Token is not available on the current message
> >     at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java:88)
> >     at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
> >     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
> >     at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> >     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
> >     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
> >     at java.lang.Thread.run(Thread.java:595)
> >
> > Thanks and regards,
> > Anand R
> >
> > DISCLAIMER:
> >
> > "The information in this e-mail and any attachment is intended only for
> > the person to whom it is addressed and may contain confidential and/or
> > privileged material. If you have received this e-mail in error, kindly
> > contact the sender and destroy all copies of the original communication.
> > IBS makes no warranty, express or implied, nor guarantees the accuracy,
> > adequacy or completeness of the information contained in this email or any
> > attachment and is not liable for any errors, defects, omissions, viruses
> > or for resultant loss or damage, if any, direct or indirect."
