Hello Sergey,

if I remove the password callback, I get another error message:

General security error (WSSecurityEngine: Callback supplied no password for: myAlias)

The keystore.properties file contains only the password for the keystore, not for the private key inside the keystore. Also I cannot find a way to create a private key without a password with the Java keytool.

Is there another way to provide the password besides the password callback? Is there maybe a property in the keystore.properties file? I cannot find a suitable property in this list:
http://cxf.apache.org/docs/ws-securitypolicy.html

This is the content of the keystore.properties. The ${}-parts are replaced by Maven with actual values:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=${keystore.password}
org.apache.ws.security.crypto.merlin.keystore.alias=${certificate.alias}
org.apache.ws.security.crypto.merlin.file=${keystore.path}

Thank you
David

-----Original Message-----
From: Sergey Beryozkin
Sent: Thursday, March 31, 2011 10:21 PM
To: [email protected]
Subject: Re: UsernameToken JBoss Integration

Hi - You don't need a password callback in this case.

Cheers, Sergey

On Thu, Mar 31, 2011 at 7:42 PM, David Zhang <[email protected]> wrote:

> Hi Sergey,
>
> thank you very much for taking the time to help me.
> I have set the property you mentioned.
> Look, this is my configuration:
>
> <jaxws:endpoint id="SecureServiceBean"
>     address="/example-ejb/SecureService"
>     implementor="com.example.SecureServiceBean">
>   <jaxws:invoker>
>     <bean class="org.jboss.wsf.stack.cxf.InvokerEJB3" />
>   </jaxws:invoker>
>   <jaxws:inInterceptors>
>     <bean class="com.example.AuthenticationInterceptor1"/>
>   </jaxws:inInterceptors>
>   <jaxws:properties>
>     <entry key="ws-security.ut.no-callbacks" value="true" />
>     <!--<entry key="ws-security.validate.token" value="false" />-->
>     <entry key="ws-security.signature.properties" value="keystore.properties" />
>     <entry key="ws-security.encryption.properties" value="keystore.properties" />
>     <entry key="ws-security.callback-handler" value="com.example.PasswordCallback" />
>   </jaxws:properties>
> </jaxws:endpoint>
>
> Where com.example.AuthenticationInterceptor1 extends AbstractUsernameTokenInInterceptor.
> This results in:
> 12:01:12,770 ERROR [org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor] Security Token is not available on the current message
>
> Thanks
> David
>
> -----Original Message-----
> From: Sergey Beryozkin
> Sent: Thursday, March 31, 2011 11:06 AM
> To: [email protected]
> Subject: Re: UsernameToken JBoss Integration
>
> Hi
>
> Please check this section:
>
> http://cxf.apache.org/docs/security.html#Security-WSSecurityUsernameTokenandCustomAuthentication
>
> In 2.3.x you have to set a "ws-security.ut.no-callbacks" property and this will ensure AbstractUserNameTokenInterceptor can be used.
>
> Setting this property results in WSS4JInInterceptor duplicating WSS4J specific UT into CXF specific UsernameToken which is what AbstractUserNameTokenInterceptor is checking.
>
> Cheers, Sergey
>
> On Thu, Mar 31, 2011 at 8:42 AM, David Zhang <[email protected]> wrote:
>
> > Hello,
> >
> > I have a web service with symmetric binding and self-signed server certificate.
> >
> > I implemented a password callback handler for the password to the private key of the server.
> >
> > Now I want to add authentication with username token. So I added a supporting token to the WS-Security policy.
> >
> > To this point everything works fine. The server gets an encrypted request with a username token.
> >
> > My concern is that I do not want to do the authentication in my application. I want to integrate the username token with JBoss Security.
> >
> > So I followed these instructions:
> > http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#Authentication_and_authorization
> >
> > However, it did not work. I used a debugger to check and I saw the authentication interceptor was created when my app was deployed but it was never called on a client request.
> >
> > Later I found this:
> > http://svn.apache.org/repos/asf/cxf/tags/cxf-2.3.3/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleSubjectCreatingInterceptor.java
> >
> > I implemented an interceptor following that example. I put a breakpoint on the createSubject method. It was never called.
> >
> > Then I followed this example:
> > http://svn.apache.org/repos/asf/cxf/tags/cxf-2.3.3/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java
> >
> > At least I know this interceptor was called. But it produced an error before the createSubject method was called. The error says: Security Token is not available on the current message
> >
> > But this cannot be true. Because then I removed the interceptor, removed the property ws-security.ut.no-callbacks, and on the next request my password callback handler was called with the username I set on the client.
> >
> > Please, can anybody explain to me what I am doing wrong?
> >
> > Thanks
> >
> > David
>
> --
> Sergey Beryozkin
>
> Application Integration Division of Talend <http://www.talend.com>
> http://sberyozkin.blogspot.com

--
Sergey Beryozkin
Application Integration Division of Talend <http://www.talend.com>
http://sberyozkin.blogspot.com
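
Added example, not part of the thread and not CXF or JBossWS code: a callback handler that answers only the private-key password request reported in the error above ("Callback supplied no password for: myAlias") and rejects every other usage, so it never acts as a UsernameToken password source. It assumes the WSS4J 1.5.x/1.6.x API (`org.apache.ws.security.WSPasswordCallback`); the class name `KeyPasswordCallback` and the system property `example.key.password` are hypothetical, and the alias is the one shown in the error message.

```java
package com.example;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/** Hypothetical handler: supplies the server key password and nothing else. */
public class KeyPasswordCallback implements CallbackHandler {

    // Assumed values: the alias comes from the error message in the thread,
    // the property name is invented for this example.
    private static final String KEY_ALIAS = "myAlias";
    private static final String PASSWORD_PROPERTY = "example.key.password";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb);
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;

            // Only private-key operations are served. UsernameToken usages
            // (USERNAME_TOKEN, USERNAME_TOKEN_UNKNOWN) are rejected so that
            // user authentication cannot silently fall back to this handler.
            int usage = pc.getUsage();
            boolean keyUse = usage == WSPasswordCallback.DECRYPT
                    || usage == WSPasswordCallback.SIGNATURE;
            if (!keyUse || !KEY_ALIAS.equalsIgnoreCase(pc.getIdentifier())) {
                throw new UnsupportedCallbackException(cb,
                        "No password available for this identifier and usage");
            }

            // The key password is read at runtime instead of being compiled
            // into the class or stored next to the keystore password.
            String password = System.getProperty(PASSWORD_PROPERTY);
            if (password == null) {
                throw new IOException("Key password property is not set");
            }
            pc.setPassword(password);
        }
    }
}
```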
