I outlined the reasons here: http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html
Colm. On Mon, Jun 27, 2011 at 7:03 PM, Vivek Alampally <[email protected]> wrote: > Thanks Colm, This works. But I have a question, why the validators are > introduced in WSS4J 1.6. > > On Mon, Jun 27, 2011 at 11:58 AM, Colm O hEigeartaigh <[email protected]> > wrote: >> >> In your service side CallbackHandler, replace: >> >> <<<<< >> if (pc.getIdentifier().equals(this.username)) { >> >> if (!pc.getPassword().equals(this.password)) { >> throw new IOException("Invalid password"); >> } >> } >> else{ >> throw new IOException("Invalid Identifier"); >> } >> >>>>> >> >> with >> >> <<<<< >> if (pc.getIdentifier().equals(this.username)) { >> pc.setPassword(this.password); >> } >> else{ >> throw new IOException("Invalid Identifier"); >> } >> >>>>> >> >> Colm. >> >> On Mon, Jun 27, 2011 at 4:54 PM, Vivek Alampally <[email protected]> >> wrote: >> > Sorry, I might be irritating you but this is what I have done. >> > Server Side (Web service side) >> > -------------------------------------------- >> > >> > <jaxws:inInterceptors> >> > <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> >> > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> >> > <constructor-arg> >> > <map> >> > <entry key="action" value="UsernameToken" /> >> > <entry key="passwordType" value="PasswordText" /> >> > <entry key="passwordCallbackRef"> >> > <ref bean="ServerPasswordCallback" /> >> > </entry> >> > </map> >> > </constructor-arg> >> > </bean> >> > </jaxws:inInterceptors> >> > <bean id="ServerPasswordCallback" >> > class="com.fdt.sdl.security.authentication.util.ServerPasswordCallback"> >> > <property name="username" value="${webservice.username}" /> >> > <property name="password" value="${webservice.password}" /> >> > </bean> >> > public class ServerPasswordCallback implements CallbackHandler { >> > private String username; >> > private String password; >> > public String getUsername() { >> > return username; >> > } >> > public void setUsername(String username) { >> > this.username = username; >> > } >> > public String getPassword() { >> > return password; >> > } >> > public void setPassword(String password) { >> > this.password = password; >> > } >> > @Override >> > public void handle(Callback[] callbacks) throws IOException, >> > UnsupportedCallbackException { >> > WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; >> > if (pc.getIdentifier().equals(this.username)) { >> > if (!pc.getPassword().equals(this.password)) { >> > throw new IOException("Invalid password"); >> > } >> > } >> > else{ >> > throw new IOException("Invalid Identifier"); >> > } >> > } >> > } >> > Client Side >> > ------------------- >> > <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" >> > /> >> > <bean id="logOut" >> > class="org.apache.cxf.interceptor.LoggingOutInterceptor" >> > /> >> > <bean id="saajOut" >> > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> >> > <bean id="wss4jOut" >> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> >> > <constructor-arg> >> > <map> >> > <entry key="action" value="UsernameToken" /> >> > <entry key="user" value="${webservice.username}" /> >> > <entry key="passwordType" value="PasswordText" /> >> > <entry key="passwordCallbackRef"> >> > <ref bean="clientPasswordCallback" /> >> > </entry> >> > </map> >> > </constructor-arg> >> > </bean> >> > In clientFactoryBean, >> > <property name="inInterceptors"> >> > <list> >> > <ref bean="logIn" /> >> > </list> >> > </property> >> > <property name="outInterceptors"> >> > <list> >> > <ref bean="logOut" /> >> > <ref bean="saajOut" /> >> > <ref bean="wss4jOut" /> >> > </list> >> > </property> >> > <bean id="clientPasswordCallback" >> > class="com.fdt.sdl.security.authentication.util.ClientPasswordCallback"> >> > <property name="password" value="${webservice.password}" /> >> > </bean> >> > public class ClientPasswordCallback implements CallbackHandler { >> > private String password; >> > public String getPassword() { >> > return password; >> > } >> > public void setPassword(String password) { >> > this.password = password; >> > } >> > @Override >> > public void handle(Callback[] callbacks) throws IOException, >> > UnsupportedCallbackException { >> > WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; >> > pc.setPassword(this.password); >> > } >> > } >> > >> > On Mon, Jun 27, 2011 at 11:38 AM, Colm O hEigeartaigh >> > <[email protected]> >> > wrote: >> >> >> >> How are you validating the received username/password at the moment? >> >> If you have access to a password for a given user in the >> >> CallbackHandler, then you don't need to write a Validator. Simply set >> >> the password on the WSPasswordCallback object, and the >> >> UsernameTokenValidator will take care of the validation. >> >> >> >> Colm. >> >> >> >> On Mon, Jun 27, 2011 at 4:11 PM, Vivek Alampally <[email protected]> >> >> wrote: >> >> > Hi Colm, >> >> > Do you have any link pointing to how this can be done. >> >> > I just need to have a username & password for existing web service. >> >> > For >> >> > this >> >> > do I need to write a custom Validator. Can I use existing >> >> > default UsernameTokenValidator? >> >> > Thanks, >> >> > Vivek. >> >> > >> >> > On Mon, Jun 27, 2011 at 10:55 AM, Colm O hEigeartaigh >> >> > <[email protected]> >> >> > wrote: >> >> >> >> >> >> In WSS4J 1.6 the password is not supplied to the CallbackHandler, >> >> >> only >> >> >> the username. The CallbackHandler is expected to supply the password >> >> >> to the default Validator (UsernameTokenValidator) in this case. If >> >> >> you >> >> >> wish to implement some custom scenario, you must implement your own >> >> >> Validator implementation. See here for more information: >> >> >> >> >> >> >> >> >> >> >> >> http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html >> >> >> >> >> >> Colm. >> >> >> >> >> >> On Mon, Jun 27, 2011 at 3:36 PM, Vivek Alampally >> >> >> <[email protected]> >> >> >> wrote: >> >> >> > Here is the actual problem when integrating CXF 2.4.1 with WSS4J >> >> >> > 1.6.1. >> >> >> > So >> >> >> > does this change require change in configuration.. Can anybody >> >> >> > please >> >> >> > help >> >> >> > me in fixing this issue. >> >> >> > >> >> >> > java.lang.NullPointerException >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > com.fdt.sdl.security.authentication.util.ServerPasswordCallback.handle(ServerPasswordCallback.java:41) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:118) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:52) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107) >> >> >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >> >> >> > at >> >> >> > >> >> >> > >> >> >> > >> >> >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >> >> >> > at java.lang.Thread.run(Thread.java:662) >> >> >> > >> >> >> > On Mon, Jun 27, 2011 at 10:22 AM, Vivek Alampally >> >> >> > <[email protected]>wrote: >> >> >> > >> >> >> >> Sorry this exception got resolved when I removed >> >> >> >> XMLSchema1.4.7.jar >> >> >> >> >> >> >> >> >> >> >> >> On Mon, Jun 27, 2011 at 10:14 AM, Vivek Alampally >> >> >> >> <[email protected]>wrote: >> >> >> >> >> >> >> >>> Hi, >> >> >> >>> Thanks for your prompt response. >> >> >> >>> >> >> >> >>> When I add WSS4j 1.6.1 the below exception is coming. >> >> >> >>> org.springframework.beans.factory.BeanDefinitionStoreException: >> >> >> >>> Factory >> >> >> >>> method [public java.lang.Object >> >> >> >>> org.apache.cxf.jaxws.JaxWsProxyFactoryBean.create()] threw >> >> >> >>> exception; >> >> >> >>> nested >> >> >> >>> exception is java.lang.NoSuchFieldError: QUALIFIED >> >> >> >>> >> >> >> >>> >> >> >> >>> Does this change require any change in configuration as well. >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> On Mon, Jun 27, 2011 at 9:53 AM, Colm O hEigeartaigh >> >> >> >>> <[email protected] >> >> >> >>> > wrote: >> >> >> >>> >> >> >> >>>> They are incompatible - you must use WSS4J 1.6.x with CXF >> >> >> >>>> 2.4.x. >> >> >> >>>> >> >> >> >>>> Colm. >> >> >> >>>> >> >> >> >>>> On Mon, Jun 27, 2011 at 2:47 PM, Vivek Alampally >> >> >> >>>> <[email protected]> >> >> >> >>>> wrote: >> >> >> >>>> > Hi >> >> >> >>>> > I am getting the following exception while replacing existing >> >> >> >>>> > cxf >> >> >> >>>> > 2.3.3 >> >> >> >>>> jar >> >> >> >>>> > with Apache CXF 2.4.1 >> >> >> >>>> > java.lang.NoSuchMethodError< >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> http://download.oracle.com/javase/6/docs/api/java/lang/NoSuchMethodError.html >> >> >> >>>> >: >> >> >> >>>> > >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/List;)I >> >> >> >>>> > >> >> >> >>>> > Can anyone please tell me whether there are any compatibility >> >> >> >>>> > issues >> >> >> >>>> > with Apache CXF 2.4 and wss4j 1.5.11. >> >> >> >>>> > >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> -- >> >> >> >>>> Colm O hEigeartaigh >> >> >> >>>> >> >> >> >>>> http://coheigea.blogspot.com/ >> >> >> >>>> Talend - http://www.talend.com >> >> >> >>>> >> >> >> >>> >> >> >> >>> >> >> >> >> >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Colm O hEigeartaigh >> >> >> >> >> >> http://coheigea.blogspot.com/ >> >> >> Talend - http://www.talend.com >> >> > >> >> > >> >> >> >> >> >> >> >> -- >> >> Colm O hEigeartaigh >> >> >> >> http://coheigea.blogspot.com/ >> >> Talend - http://www.talend.com >> > >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> http://coheigea.blogspot.com/ >> Talend - http://www.talend.com > > -- Colm O hEigeartaigh http://coheigea.blogspot.com/ Talend - http://www.talend.com
