Thanks Dan,

Interestingly, when I reverse the order that I'm testing the SoapMessage by passing it to the interceptors (e.g. I pass it to the Signature interceptor first) then it validates. So that makes me think that something with passing the SoapMessage to the UsernameToken interceptor and then passing the same SoapMessage object to the Signature interceptor is causing it to not work right. I can try setting innerElementCountThreshold = -1, but since it works fine when I only pass the message to the Signature interceptor, I think it's something to do with passing the same Message to multiple interceptors.

Is there a more proper way of authenticating a SoapMessage with 2 possible validation schemes?

Joseph

On Mon, Jul 22, 2013 at 10:55 AM, Daniel Kulp [via CXF] <[email protected]> wrote:

> I think you are hitting the XML size limits now. See:
>
> http://cxf.apache.org/docs/security.html#Security-XML
>
> Dan
>
> On Jul 22, 2013, at 10:59 AM, unicyco <[hidden email]> wrote:
>
> > I have a situation where I need to be able to take a SOAPMessage and validate
> > it using *either* username/password or a certificate. However, I am
> > having trouble stepping my code up to CXF 2.7.5 running in Karaf after
> > previously running a pretty old version of Servicemix.
> >
> > What I did to make this work before was to create my own interceptor that
> > extends WSS4JInInterceptor and passed into my interceptor an
> > ACTION=UsernameToken and ACTION=Signature interceptor. Then, in my
> > handleMessage() I start by passing the SoapMessage to the UsernameToken
> > interceptor. If it throws an exception, I pass the SoapMessage to the
> > Signature interceptor. I remember having trouble getting this working
> > originally, and to fix it I did a shallow soapMessage.clone(). However,
> > this is no longer working with CXF 2.7.5.... If I first pass the SoapMessage
> > to the UsernameToken interceptor, and then pass it to the Signature
> > interceptor, I get an exception:
> >
> > org.apache.cxf.staxutils.DepthExceededStaxException: reach the
> > innerElementCountThreshold:50000
> >
> > I'm pretty sure the correct way to do this is NOT to pass the same
> > SoapMessage to multiple interceptors (since they modify the message),
> > however I don't know how to accomplish this otherwise. I understand WSS4J
> > 1.6 now has the concept of Validators, which I'm using for my UsernameToken
> > validation (against an LDAP directory), but I don't know how to accomplish a
> > 2-way "choice" validation of my security header. Can anyone point me in the
> > right direction? If it would help I can post some code samples.
> >
> > Thank you!!
> >
> > Joseph
> >
> > --
> > View this message in context: http://cxf.547215.n5.nabble.com/2-possible-validators-interceptors-tp5731252.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
>
> --
> Daniel Kulp
> [hidden email] - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com

--
View this message in context: http://cxf.547215.n5.nabble.com/2-possible-validators-interceptors-tp5731252p5731265.html
