Hi

WSS4JInInterceptor is already registering a custom UT processor if the "ws-security.ut.no-callbacks" is set to true. So the hashed UTs should be supported with your configuration, without the need to register a callback.

Can you do me a favor and check the actual WS-Security namespace that is used to qualify the security header? You can add a CXF logging feature to the list of jaxws:features

thanks, Sergey

On Thu, Feb 3, 2011 at 11:33 AM, Anand R <[email protected]> wrote:

> Thanks Sergey. I will try the custom UsernameTokenProcessor.
>
> Thanks and regards,
> Anand R
>
> From: Sergey Beryozkin <[email protected]>
> To: [email protected]
> Date: 03-02-11 04:39 PM
> Subject: Re: Problem with AbstractUsernameTokenInInterceptor
>
> Hi
>
> What WS-Security namespace is being used in the request ?
> If the "ws-security.ut.no-callbacks" is set to true then the
> org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor should not be
> invoked because it does currently require a callback for hashed UTs. So if
> the property is set then the WSS4JInInterceptor registers a custom
> UsernameTokenProcessor for
>
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> and
> "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd".
>
> Thanks, Sergey
>
> On Thu, Feb 3, 2011 at 10:51 AM, Anand R <[email protected]> wrote:
>
> > Hi Sergey,
> >
> > Thanks for your response. I used to get the following exception when I did
> > not configure a callback handler. This exception does not come if the
> > password is plain text instead of a digest.
> >
> > org.apache.cxf.interceptor.Fault: General security error (WSSecurityEngine: No password callback supplied)
> >     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:154)
> >     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:114)
> >     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:72)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
> >     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
> >     at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> >     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
> >     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
> >     at java.lang.Thread.run(Thread.java:595)
> > Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
> >     at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
> >     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:167)
> >     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:129)
> >     ... 24 more
> >
> > Thanks and regards,
> > Anand R
> > System Architect
> > IBS Software Services Private Limited
> > 2nd Floor - Left Wing, IBS Towers, Technopark Campus, Trivandrum - 695581,
> > Kerala, India
> > Telephone - +91-471-6614291, Mobile - +91-9846324022
> > E-Mail - [email protected], www.ibsplc.com
> >
> > From: Sergey Beryozkin <[email protected]>
> > To: [email protected]
> > Date: 03-02-11 04:08 PM
> > Subject: Re: Problem with AbstractUsernameTokenInInterceptor
> >
> > Hi
> >
> > On Thu, Feb 3, 2011 at 6:37 AM, Anand R <[email protected]> wrote:
> >
> > > Hi,
> > >
> > > My requirement is to perform a custom authentication on the username and
> > > password that I receive as part of the UsernameToken header in the
> > > incoming SOAP request. I discovered that cxf-2.3.2 provides an
> > > AbstractUsernameTokenInInterceptor to perform this. I extended this class
> > > and created my interceptor that overrides the createSubject method. When I
> > > configure my interceptor in my beans.xml as shown below, I am getting an
> > > exception.
> > >
> > > This exception comes up when I use a password digest. The plain text
> > > password works fine. Is there any problem in the way I have configured my
> > > interceptor?
> > >
> > > Entry in beans.xml
> > >
> > > <jaxws:endpoint id="echo"
> > >     implementor="learn.wssecurity.echo.EchoServiceImpl"
> > >     wsdlLocation="wsdl/echo/EchoService.wsdl"
> > >     address="/EchoService">
> > >     <jaxws:inInterceptors>
> > >         <bean class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/>
> > >     </jaxws:inInterceptors>
> > >     <jaxws:properties>
> > >         <entry key="ws-security.callback-handler"
> > >             value="learn.wssecurity.echo.ServerPasswordCallback" />
> > >         <entry key="ws-security.ut.no-callbacks"
> > >             value="true" />
> > >     </jaxws:properties>
> > > </jaxws:endpoint>
> > >
> >
> > What is the purpose of registering ServerPasswordCallback ?
> > If you set a "ws-security.ut.no-callbacks" property then you only need a
> > callback if you have an encrypted UT, so that the UT can be decrypted.
> > So this callback that you're registering may be interfering in the case
> > when you have a hashed UT token, can you remove it please and see what
> > happens ?
> >
> > Cheers, Sergey
> >
> > > Exception
> > >
> > > java.lang.SecurityException: Security Token is not available on the current message
> > >     at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java:88)
> > >     at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47)
> > >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
> > >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
> > >     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
> > >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
> > >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
> > >     at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> > >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> > >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> > >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> > >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> > >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
> > >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> > >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> > >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> > >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
> > >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> > >     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
> > >     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
> > >     at java.lang.Thread.run(Thread.java:595)
> > >
> > > Thanks and regards,
> > > Anand R
> > >
> > > DISCLAIMER:
> > >
> > > "The information in this e-mail and any attachment is intended only for
> > > the person to whom it is addressed and may contain confidential and/or
> > > privileged material. If you have received this e-mail in error, kindly
> > > contact the sender and destroy all copies of the original communication.
> > > IBS makes no warranty, express or implied, nor guarantees the accuracy,
> > > adequacy or completeness of the information contained in this email or any
> > > attachment and is not liable for any errors, defects, omissions, viruses
> > > or for resultant loss or damage, if any, direct or indirect."
