Maybe your keystore doesn't require a password to access keys? Could you post the security header of the SOAP request that is generated?
Colm. On Fri, Mar 4, 2011 at 5:08 PM, Abid K. <[email protected]> wrote: > The callbackhandler class location needs to be specified in the > properties file. My class looks like this without user/pass... > > public class PWCBHandler implements CallbackHandler { > public void handle( Callback[ ] callbacks ) throws IOException, > UnsupportedCallbackException { > } > } > > Yes, it does seem to be signing it, and by that I mean the signature > element is added and I get a response back from the service. Very > strange. > > To give you a little insight my client config is... > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin > org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 > org.apache.ws.security.crypto.merlin.file=something.pfx > org.apache.ws.security.crypto.merlin.keystore.password=something > > and > > Map<String, Object> outProps = new HashMap<String, Object>( ); > outProps.put( "action", "Timestamp Signature" ); > outProps.put( "user", [ALIAS FOR PRIVATE KEY] ); > outProps.put( "passwordCallbackClass", "com.example.PWCBHandler" ); > outProps.put( "signaturePropFile", "client.properties" ); > outProps.put( "signatureKeyIdentifier", "DirectReference" ); > outProps.put( "signatureParts", > "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"; > + "{Element}{http://www.w3.org/2005/08/addressing}To"; ); > bus.getOutInterceptors( ).add( new WSS4JOutInterceptor( outProps ) ); > > Map<String, Object> inProps = new HashMap<String, Object>( ); > inProps.put( "action", "Timestamp" ); > bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); > > Thanks > > On 4 March 2011 16:12, Colm O hEigeartaigh <[email protected]> wrote: >> If you're signing something then you definately need a password. Are >> you saying that it's producing a signature with no callbackhandler >> implementation? >> >> Colm. >> >> On Fri, Mar 4, 2011 at 4:01 PM, Abid K. <[email protected]> wrote: >>> Hi Colm, thanks for the explanation. I am signing the request using a >>> pfx file which contains the key. >>> >>> >>> On 4 March 2011 14:36, Colm O hEigeartaigh <[email protected]> wrote: >>>> It depends on what your client is doing, you only need a >>>> CallbackHandler implementation for certain actions, i.e. when you need >>>> a password. >>>> >>>> Colm. >>>> >>>> On Fri, Mar 4, 2011 at 2:19 PM, Abid K. <[email protected]> wrote: >>>>> Hi all, I have successfully setup a CXF client, but I am a little >>>>> confused regarding the CallbackHandler. >>>>> >>>>> It seems I just need to specify location of the callback class in the >>>>> WSS4J properties, but I can leave out the implementation and the >>>>> client still works. e.g. >>>>> >>>>> public class PWCBHandler implements CallbackHandler { >>>>> public void handle( Callback[ ] callbacks ) throws IOException, >>>>> UnsupportedCallbackException { >>>>> } >>>>> } >>>>> >>>>> I've seen examples where a user and password are set, but for some >>>>> reason I don't need to specify any of this. I'm hoping someone could >>>>> clarify why I don't need it. >>>>> >>>>> Thanks >>>>> >>>> >>> >> >
