What version of CXF are you using?

Colm.

On Thu, Aug 22, 2013 at 10:15 PM, Sam <[email protected]> wrote:

> Client config below
>
> cxf.xml
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:jaxws="http://cxf.apache.org/jaxws"
>     xsi:schemaLocation="http://www.springframework.org/schema/beans
>         http://www.springframework.org/schema/beans/spring-beans.xsd
>         http://cxf.apache.org/jaxws
>         http://cxf.apache.org/schemas/jaxws.xsd">
>
>     <jaxws:client
>         name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
>         createdFromAPI="true">
>         <!-- Uncomment if using WS-SecPolicy method -->
>         <jaxws:properties>
>             <entry key="ws-security.username" value="joe"/>
>             <entry key="ws-security.callback-handler"
>                 value-ref="myPasswordCallback"/>
>         </jaxws:properties>
>     </jaxws:client>
>
>     <bean id="myPasswordCallback"
>         class="client.ClientPasswordCallback"/>
>
> </beans>
>
> ClientPasswordCallback
>
> public class ClientPasswordCallback implements CallbackHandler {
>
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>
>         if ("joe".equals(pc.getIdentifier())) {
>             pc.setPassword("joespassword");
>         } // else {...} - can add more users, access DB, etc.
>     }
> }
>
> Everything works, just that password of request is in clear text and no
> error response.
>
> In case you ask Server config, here it is:
>
> cxf-servlet.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:jaxws="http://cxf.apache.org/jaxws"
>     xsi:schemaLocation="http://www.springframework.org/schema/beans
>         http://www.springframework.org/schema/beans/spring-beans.xsd
>         http://cxf.apache.org/jaxws
>         http://cxf.apache.org/schemas/jaxws.xsd">
>
>     <jaxws:endpoint id="doubleit"
>         implementor="service.DoubleItPortTypeImpl"
>         address="/doubleit"
>         wsdlLocation="WEB-INF/wsdl/DoubleIt.wsdl">
>
>         <!-- Uncomment only if using WS-SecurityPolicy -->
>         <jaxws:properties>
>             <entry key="ws-security.callback-handler"
>                 value-ref="myPasswordCallback"/>
>         </jaxws:properties>
>
>     </jaxws:endpoint>
>
>     <bean id="myPasswordCallback"
>         class="service.ServerPasswordCallback" />
> </beans>
>
> ServerPasswordCallback
>
> public class ServerPasswordCallback implements CallbackHandler {
>
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>
>         if ("joe".equals(pc.getIdentifier())) {
>             pc.setPassword("joespassword");
>         }
>     }
> }
>
> Thanks
> Sam
>
> On 23/08/2013 12:47 a.m., Colm O hEigeartaigh wrote:
>
>> What does your client configuration look like?
>>
>> Colm.
>>
>> On Thu, Aug 22, 2013 at 12:34 PM, Sam <[email protected]> wrote:
>>
>>> Hi Colm,
>>>
>>> The policy is
>>>
>>> <wsp:Policy wsu:Id="DoubleItBindingPolicy">
>>>   <wsp:ExactlyOne>
>>>     <wsp:All>
>>>       <sp:SupportingTokens
>>>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <wsp:Policy>
>>>           <sp:UsernameToken
>>>               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>             <wsp:Policy>
>>>               <sp:HashPassword/>
>>>               <sp:WssUsernameToken11/>
>>>             </wsp:Policy>
>>>           </sp:UsernameToken>
>>>         </wsp:Policy>
>>>       </sp:SupportingTokens>
>>>     </wsp:All>
>>>   </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>> I am not getting any error message and the password in request is still
>>> in clear text when I run the sample code from Glen's site. Response still
>>> returns OK.
>>> I was expecting CXF to take care of hashing password automatically but it
>>> still works without returning error message.
>>>
>>> It's like <sp:HashPassword/> is optional. Maybe I am missing something.
>>>
>>> Thanks
>>> Sam
>>>
>>> On 22/08/2013 11:08 p.m., Colm O hEigeartaigh wrote:
>>>
>>>> Yes it is possible. What policy are you using + what is the error you
>>>> are getting?
>>>>
>>>> Colm.
>>>>
>>>> On Thu, Aug 22, 2013 at 11:53 AM, Sam <[email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I read in
>>>>> http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.express.doc%2Fae%2Fcwlp_wssec_templates_scenario1.html,
>>>>> which shows the use of ws-policy for UsernameToken with password digest
>>>>> (HashPassword) over SSL.
>>>>>
>>>>> My question is, is it possible to use ws-policy for UsernameToken with
>>>>> password digest without SSL in CXF?
>>>>>
>>>>> I am asking as I have been tweaking the WSDL for the usernametoken
>>>>> tutorial from
>>>>> http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile,
>>>>> to run without SSL successfully, now I am trying to make it support
>>>>> password digest without SSL, and without luck.
>>>>>
>>>>> Thanks
>>>>> Sam

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
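
Added example, not part of the thread and not CXF or WSS4J code: a wire-level check for the symptom discussed above, reporting whether a `wsse:UsernameToken` carries `PasswordText` or `PasswordDigest` and verifying the digest as Base64(SHA-1(nonce + created + password)) from the OASIS UsernameToken Profile. The function names and the sample token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
NS = {"wsse": WSSE, "wsu": WSU}


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), per the UsernameToken Profile."""
    h = hashlib.sha1(nonce + created.encode() + password.encode())
    return base64.b64encode(h.digest()).decode()


def build_token(user, password, nonce, created, hashed):
    """Constructed sample Security header (test data, not captured traffic)."""
    ptype = "PasswordDigest" if hashed else "PasswordText"
    value = password_digest(nonce, created, password) if hashed else password
    return (
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
        f"<wsse:Username>{user}</wsse:Username>"
        f'<wsse:Password Type="{UTP}#{ptype}">{value}</wsse:Password>'
        f"<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>"
        f"<wsu:Created>{created}</wsu:Created>"
        "</wsse:UsernameToken></wsse:Security>"
    )


def check_token(xml_text, expected_password):
    """Return 'cleartext', 'digest-ok' or 'digest-mismatch' for the first token."""
    token = ET.fromstring(xml_text).find(".//wsse:UsernameToken", NS)
    pw = token.find("wsse:Password", NS)
    # An absent Type attribute defaults to PasswordText in the profile.
    if not pw.get("Type", "").endswith("#PasswordDigest"):
        return "cleartext"
    nonce = base64.b64decode(token.findtext("wsse:Nonce", namespaces=NS))
    created = token.findtext("wsu:Created", namespaces=NS)
    expected = password_digest(nonce, created, expected_password)
    # Constant-time comparison of the recomputed and transmitted digests.
    return "digest-ok" if hmac.compare_digest(expected, pw.text or "") else "digest-mismatch"
```

Running `check_token` over the Security header of a logged request shows directly whether the client honoured `<sp:HashPassword/>`.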
