Hello,
i have a web service with symmetric binding and self-signed server certificate. I implemented a password callbackhandler for the password to the private key of the server. Now i want to add authentication with username token. So i added a supporting token to the ws security policy. To this point everything works fine. The server gets an encrypted request with a username token. My concern is that i do not want to do the authentication in my application. I want to integrate the username token with JBoss Security. So i followed these instructions: http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#Authentication_and_authorization However, it did not work. I used a debugger to check and i saw the authentication interceptor was created when my app was deployed but it was never called on a client request. Later i found this: http://svn.apache.org/repos/asf/cxf/tags/cxf-2.3.3/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleSubjectCreatingInterceptor.java I implemented an interceptor following that example. I put a breakpoint on the createSubject method. It was never called. Then i followed this example: http://svn.apache.org/repos/asf/cxf/tags/cxf-2.3.3/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java At least i know this interceptor was called. But it produced an error before the createSubject method was called. The error says: Security Token is not available on the current message But this can not be true. Because then i removed the interceptor removed the property ws-security.ut.no-callbacks and on the next request my password callbackhandler was called with the username i set on the client. Please, can anybody explain me what i am doing wrong? Thanks David
