Try upgrading to latest CXF version. There has been quite some improvements in the security area since 2.2.x
2011/10/23 Bhavin <[email protected]>: > I am trying to add UsernameToken based security in web services written using > apache cxf version 2.2.12. > > Once I deploy my application in weblogic, I am getting two URL's from which > I can access my WSDL. > 1.http://localhst:8080/myapp/services/MyService?wsdl > 2.http://localhost:8080/myapp/MyService?wsdl > > I am trying to consume webservice using soapUI client and problem is If I > use 2nd URL, everything works fine, my ejb is getting injected properly etc > but WSS4JInterceptor is not getting called at all and I am getting request > header must understand fault in response. > > If I change the URL in soapUI to use 1st one, then Interceptor is getting > called but then my services is not getting injected and I am getting NULL as > service object. > > I have configured WSS4JInterceptor in my spring configuration file. I need > to call this Interceptor before each request so that I can verify user token > from request header. > > Here is my beans.xml > <bean id="wss4jInConfiguration" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <property name="properties"> > <map> > <entry key="action" value="UsernameToken Timestamp"/> > <entry key="passwordType" value="PasswordText" /> > <entry> > <key> > <value>passwordCallbackRef</value> > </key> > <ref bean="passwordCallback"/> > </entry> > </map> > </property> > </bean> > > <bean id="passwordCallback" > class="my.interceptors.callbacks.handlers.PasswordCallbackHandler"/> > > <jaxws:endpoint id="myservice" > implementor="my.sample.application.MyServiceImpl" > address="/MyService"> > <jaxws:ininterceptors> > <ref bean="wss4jInConfiguration" /> > </jaxws:ininterceptors> > </jaxws:endpoint> > > > > Here is my web.xml > > > <?xml version="1.0" encoding="ISO-8859-1"?> > <!DOCTYPE web-app > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application > 2.3//EN" > "http://java.sun.com/dtd/web-app_2_3.dtd"> > > <web-app> > <context-param> > <param-name>contextConfigLocation</param-name> > <param-value> > classpath:WEB-INF/beans.xml > </param-value> > </context-param> > > <listener> > <listener-class>org.springframework.web.context.ContextLoaderListener > </listener-class> > </listener> > > <servlet> > <servlet-name>CXFServlet</servlet-name> > <display-name>CXF Servlet</display-name> > <servlet-class>org.apache.cxf.transport.servlet.CXFServlet > </servlet-class> > <load-on-startup>1</load-on-startup> > </servlet> > > <servlet-mapping> > <servlet-name>CXFServlet</servlet-name> > <url-pattern>/services/*</url-pattern> > </servlet-mapping> > </web-app> > > > I don't have currently access to my WSDL but here is the tag looks like. > <soap:address location="http://localhost:8080/MyServiceSoapPort"; /> > > Any pointer what i am doing wrong. > > NOTE: My services are working fine without call back on URL without > /services/ > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/ws-security-endpoint-address-problem-tp4929961p4929961.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- -- David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
