The callbackhandler class location needs to be specified in the
properties file. My class looks like this without user/pass...
public class PWCBHandler implements CallbackHandler {
public void handle( Callback[ ] callbacks ) throws IOException,
UnsupportedCallbackException {
}
}
Yes, it does seem to be signing it, and by that I mean the signature
element is added and I get a response back from the service. Very
strange.
To give you a little insight my client config is...
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.file=something.pfx
org.apache.ws.security.crypto.merlin.keystore.password=something
and
Map<String, Object> outProps = new HashMap<String, Object>( );
outProps.put( "action", "Timestamp Signature" );
outProps.put( "user", [ALIAS FOR PRIVATE KEY] );
outProps.put( "passwordCallbackClass", "com.example.PWCBHandler" );
outProps.put( "signaturePropFile", "client.properties" );
outProps.put( "signatureKeyIdentifier", "DirectReference" );
outProps.put( "signatureParts",
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;";
+ "{Element}{http://www.w3.org/2005/08/addressing}To"; );
bus.getOutInterceptors( ).add( new WSS4JOutInterceptor( outProps ) );
Map<String, Object> inProps = new HashMap<String, Object>( );
inProps.put( "action", "Timestamp" );
bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
Thanks
On 4 March 2011 16:12, Colm O hEigeartaigh <[email protected]> wrote:
> If you're signing something then you definately need a password. Are
> you saying that it's producing a signature with no callbackhandler
> implementation?
>
> Colm.
>
> On Fri, Mar 4, 2011 at 4:01 PM, Abid K. <[email protected]> wrote:
>> Hi Colm, thanks for the explanation. I am signing the request using a
>> pfx file which contains the key.
>>
>>
>> On 4 March 2011 14:36, Colm O hEigeartaigh <[email protected]> wrote:
>>> It depends on what your client is doing, you only need a
>>> CallbackHandler implementation for certain actions, i.e. when you need
>>> a password.
>>>
>>> Colm.
>>>
>>> On Fri, Mar 4, 2011 at 2:19 PM, Abid K. <[email protected]> wrote:
>>>> Hi all, I have successfully setup a CXF client, but I am a little
>>>> confused regarding the CallbackHandler.
>>>>
>>>> It seems I just need to specify location of the callback class in the
>>>> WSS4J properties, but I can leave out the implementation and the
>>>> client still works. e.g.
>>>>
>>>> public class PWCBHandler implements CallbackHandler {
>>>> public void handle( Callback[ ] callbacks ) throws IOException,
>>>> UnsupportedCallbackException {
>>>> }
>>>> }
>>>>
>>>> I've seen examples where a user and password are set, but for some
>>>> reason I don't need to specify any of this. I'm hoping someone could
>>>> clarify why I don't need it.
>>>>
>>>> Thanks
>>>>
>>>
>>
>
