Hi, It is complaining about not finding a CallbackHandler on the service side. I can't see anything wrong with the configuration. Could you create a test-project so that I can take a look?
Colm. On Wed, Jul 10, 2013 at 6:58 PM, tulika <[email protected]> wrote: > Hi Colm, > > Please find the log below(at the end). > I have password callbacks at both client and web service server side as > explained in the tutorial. > Can you please tell me, whether it is complaining about callback handler > not > present at the client side or at the server side... also, it s complaining > about callback handler for username token? > > My setup details : > I set up http ssl with basic authentication as per tutorial > (http://www.jroller.com/gmazza/entry/ssl_for_web_services) on basic > doubleIt > web service and then added ws-security as per > (http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile). > > For adding ws security I used Netbeans as explained in > (http://www.jroller.com/gmazza/entry/metro_usernametoken_profile#MetroUT1 > ), > but I didn't add "ValidatorConfiguration" element in wsdl or > PlainTestPasswordValidator in CXF server(because the code present in this > class is specific to metro library). However I have http basic > authentication enabled on my web service.. So, could this be the cause of > this issue?? How can I provide usernameValidator in cxf? > > <text from doubleit.wsdl having ws-security) > <sc:ValidatorConfiguration wspp:visibility="private"> > <sc:Validator name="usernameValidator" > classname="service.PlainTextPasswordValidator"/> > </sc:ValidatorConfiguration> > > Thanks, > Tulika > > > > Please find the log below: > > Payload: <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> > <Action > xmlns="http://www.w3.org/2005/08/addressing";> > http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest > </Action> > <MessageID > xmlns="http://www.w3.org/2005/08/addressing > ">urn:uuid:3798aef3-027a-438f-b746-446633944a65</MessageID> > <To > xmlns="http://www.w3.org/2005/08/addressing";> > https://localhost:8443/CXFWebService/services/DoubleItPort</To> > <ReplyTo xmlns="http://www.w3.org/2005/08/addressing";> > <Address>http://www.w3.org/2005/08/addressing/anonymous</Address> > </ReplyTo> > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > soap:mustUnderstand="1"> > <wsu:Timestamp wsu:Id="TS-1"> > <wsu:Created>2013-07-10T09:16:56.277Z</wsu:Created> > <wsu:Expires>2013-07-10T09:21:56.277Z</wsu:Expires> > </wsu:Timestamp> > <wsse:UsernameToken wsu:Id="UsernameToken-2"> > <wsse:Username>bob</wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">trombone</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body> > <ns2:DoubleIt > xmlns:ns2="http://www.example.org/schema/DoubleIt > "><numberToDouble>7</numberToDouble></ns2:DoubleIt> > </soap:Body> > </soap:Envelope> > -------------------------------------- > Jul 10, 2013 2:46:56 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor > handleMessage > WARNING: > org.apache.ws.security.WSSecurityException: General security error > (WSSecurityEngine: No password callback supplied) > at > > org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155) > at > > org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) > at > > org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) > at > > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172) > at > > org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67) > at > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277) > at > > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) > at > > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:214) > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:194) > at > > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:201) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166) > at > > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Jul 10, 2013 2:46:56 PM org.apache.cxf.phase.PhaseInterceptorChain > doDefaultLogging > WARNING: Interceptor for > {http://www.example.org/contract/DoubleIt}DoubleItService has thrown > exception, unwinding now > org.apache.cxf.binding.soap.SoapFault: General security error > (WSSecurityEngine: No password callback supplied) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:767) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334) > at > > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) > at > > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:214) > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:194) > at > > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:201) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166) > at > > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Caused by: org.apache.ws.security.WSSecurityException: General security > error (WSSecurityEngine: No password callback supplied) > at > > org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155) > at > > org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) > at > > org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) > at > > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172) > at > > org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67) > at > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277) > ... 29 more > Jul 10, 2013 2:46:56 PM > org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType > INFO: Outbound Message > --------------------------- > ID: 4 > Response-Code: 500 > Encoding: UTF-8 > Content-Type: text/xml > Headers: {} > Payload: <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ > "><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General > security error (WSSecurityEngine: No password callback > supplied)</faultstring></soap:Fault></soap:Body></soap:Envelope> > -------------------------------------- > Jul 10, 2013 2:50:41 PM > org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType > INFO: Inbound Message > ---------------------------- > ID: 5 > Address: https://localhost:8443/CXFWebService/services/DoubleItPort?wsdl > Http-Method: GET > Content-Type: text/xml > Headers: {Accept=[*/*], Authorization=[Basic Ym9iOnRyb21ib25l], > cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], > host=[localhost:8443], pragma=[no-cache], user-agent=[Apache CXF 2.6.8]} > -------------------------------------- > Jul 10, 2013 2:50:51 PM > org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType > INFO: Inbound Message > ---------------------------- > ID: 6 > Address: https://localhost:8443/CXFWebService/services/DoubleItPort > Encoding: UTF-8 > Http-Method: POST > Content-Type: text/xml; charset=UTF-8 > Headers: {Accept=[*/*], Authorization=[Basic Ym9iOnRyb21ib25l], > cache-control=[no-cache], connection=[keep-alive], Content-Length=[1373], > content-type=[text/xml; charset=UTF-8], host=[localhost:8443], > pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 2.6.8]} > Payload: <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ > "><soap:Header><Action > xmlns="http://www.w3.org/2005/08/addressing";> > http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest > </Action><MessageID > xmlns="http://www.w3.org/2005/08/addressing > ">urn:uuid:525b8206-fa5f-4da5-84f9-82efe8bc128a</MessageID><To > xmlns="http://www.w3.org/2005/08/addressing";> > https://localhost:8443/CXFWebService/services/DoubleItPort</To><ReplyTo > xmlns="http://www.w3.org/2005/08/addressing";><Address> > http://www.w3.org/2005/08/addressing/anonymous > </Address></ReplyTo><wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > soap:mustUnderstand="1"><wsu:Timestamp > > wsu:Id="TS-1"><wsu:Created>2013-07-10T09:20:51.293Z</wsu:Created><wsu:Expires>2013-07-10T09:25:51.293Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken > wsu:Id="UsernameToken-2"><wsse:Username>bob</wsse:Username><wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">trombone</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:DoubleIt > xmlns:ns2="http://www.example.org/schema/DoubleIt > "><numberToDouble>7</numberToDouble></ns2:DoubleIt></soap:Body></soap:Envelope> > -------------------------------------- > Jul 10, 2013 2:50:51 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor > handleMessage > WARNING: > org.apache.ws.security.WSSecurityException: General security error > (WSSecurityEngine: No password callback supplied) > at > > org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155) > at > > org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) > at > > org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/UserName-token-security-on-CXF-General-security-error-WSSecurityEngine-No-password-callback-supplied-tp5730451p5730571.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
