Wow, cool. Thanks Colm.

Regards,
Sam

On 24/08/2013 2:34 a.m., Colm O hEigeartaigh wrote:
Ok I have an answer for you. The problem is that you are using the
WS-SecurityPolicy 1.1 namespace
("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"). This version of the
spec does not define "HashPassword" at all:

http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf

The solution is to use the newer WS-SecurityPolicy 1.2 namespace instead,
which works fine -
"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702". See here for an
example (line 215):

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup

Colm.
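
Added example (not part of the original thread, and not CXF code): a small Python check for the situation described in the reply above, a UsernameToken assertion that asks for HashPassword under the WS-SecurityPolicy 1.1 namespace, where that assertion is not defined. The function name, the verdict labels and the sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP11 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
SP12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Verdict labels are this example's own, not CXF output.
EXPLAIN = {
    "digest": "HashPassword is defined here; a password digest is required",
    "hash-not-defined": "HashPassword is not defined in SP 1.1; use the 1.2 namespace",
    "text": "no HashPassword assertion; no digest is requested",
    "unknown-namespace": "not a WS-SecurityPolicy 1.1 or 1.2 namespace",
}

def audit_username_tokens(policy_xml):
    """Return one (namespace, verdict) pair per UsernameToken assertion."""
    findings = []
    for elem in ET.fromstring(policy_xml.strip()).iter():
        if not elem.tag.endswith("}UsernameToken"):
            continue
        ns = elem.tag[1:elem.tag.index("}")]
        if ns not in (SP11, SP12):
            verdict = "unknown-namespace"
        # Only a HashPassword in the token's own namespace counts.
        elif elem.find(".//{%s}HashPassword" % ns) is None:
            verdict = "text"
        elif ns == SP12:
            verdict = "digest"
        else:
            verdict = "hash-not-defined"
        findings.append((ns, verdict))
    return findings

# Constructed sample policy, shaped like the one posted in the thread.
POLICY_TEMPLATE = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="{sp_ns}">
  <sp:SupportingTokens><wsp:Policy>
    <sp:UsernameToken sp:IncludeToken="{sp_ns}/IncludeToken/AlwaysToRecipient">
      <wsp:Policy>{hash}<sp:WssUsernameToken11/></wsp:Policy>
    </sp:UsernameToken>
  </wsp:Policy></sp:SupportingTokens>
</wsp:Policy>
"""

if __name__ == "__main__":
    for sp_ns in (SP11, SP12):
        doc = POLICY_TEMPLATE.format(sp_ns=sp_ns, hash="<sp:HashPassword/>")
        for ns, verdict in audit_username_tokens(doc):
            print(ns, "->", verdict, "-", EXPLAIN[verdict])
```
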


On Fri, Aug 23, 2013 at 12:16 PM, Sam <[email protected]> wrote:

Version 2.7.6. The latest I believe.

Thanks
Sam

On 23/08/2013 9:09 p.m., Colm O hEigeartaigh wrote:

What version of CXF are you using?

Colm.


On Thu, Aug 22, 2013 at 10:15 PM, Sam <[email protected]> wrote:

  Client config below
cxf.xml

     <beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:jaxws="http://cxf.apache.org/jaxws"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans.xsd
              http://cxf.apache.org/jaxws
              http://cxf.apache.org/schemas/jaxws.xsd">

          <jaxws:client
              name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
              createdFromAPI="true">
              <!-- Uncomment if using WS-SecPolicy method -->
              <jaxws:properties>
                  <entry key="ws-security.username" value="joe"/>
                  <entry key="ws-security.callback-handler"
                      value-ref="myPasswordCallback"/>
              </jaxws:properties>

          </jaxws:client>

          <bean id="myPasswordCallback"
              class="client.ClientPasswordCallback"/>

     </beans>


ClientPasswordCallback

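     import java.io.IOException;
     import javax.security.auth.callback.Callback;
     import javax.security.auth.callback.CallbackHandler;
     import javax.security.auth.callback.UnsupportedCallbackException;
     import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.6.x, as used by CXF 2.7.x

     public class ClientPasswordCallback implements CallbackHandler {

          // Supplies the password for the user named in ws-security.username
          public void handle(Callback[] callbacks) throws IOException,
                  UnsupportedCallbackException {
              WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

              if ("joe".equals(pc.getIdentifier())) {
                  pc.setPassword("joespassword");
              } // else {...} - can add more users, access DB, etc.
          }
     }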

Everything works, just that password of request is in clear text and no
error response.

In case you ask Server config, here it is:

cxf-servlet.xml

     <?xml version="1.0" encoding="UTF-8"?>
     <beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:jaxws="http://cxf.apache.org/jaxws"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://cxf.apache.org/jaxws
               http://cxf.apache.org/schemas/jaxws.xsd">

         <jaxws:endpoint id="doubleit"
            implementor="service.DoubleItPortTypeImpl"
            address="/doubleit"
            wsdlLocation="WEB-INF/wsdl/DoubleIt.wsdl">

            <!-- Uncomment only if using WS-SecurityPolicy -->
            <jaxws:properties>
               <entry key="ws-security.callback-handler"
                   value-ref="myPasswordCallback"/>
            </jaxws:properties>

         </jaxws:endpoint>

         <bean id="myPasswordCallback"
             class="service.ServerPasswordCallback" />
     </beans>

ServerPasswordCallback

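     import java.io.IOException;
     import javax.security.auth.callback.Callback;
     import javax.security.auth.callback.CallbackHandler;
     import javax.security.auth.callback.UnsupportedCallbackException;
     import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.6.x, as used by CXF 2.7.x

     public class ServerPasswordCallback implements CallbackHandler {

          // Supplies the expected password for the user named in the received token
          public void handle(Callback[] callbacks) throws IOException,
                  UnsupportedCallbackException {
              WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

              if ("joe".equals(pc.getIdentifier())) {
                 pc.setPassword("joespassword");
              }
          }
     }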

Thanks
Sam

On 23/08/2013 12:47 a.m., Colm O hEigeartaigh wrote:

  What does your client configuration look like?
Colm.


On Thu, Aug 22, 2013 at 12:34 PM, Sam <[email protected]> wrote:

   Hi Colm,

The policy is

        <wsp:Policy wsu:Id="DoubleItBindingPolicy">
             <wsp:ExactlyOne>
                 <wsp:All>
                     <sp:SupportingTokens
                         xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                         <wsp:Policy>
                             <sp:UsernameToken
                                 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                 <wsp:Policy>
                                     <sp:HashPassword/>
                                     <sp:WssUsernameToken11/>
                                 </wsp:Policy>
                             </sp:UsernameToken>
                         </wsp:Policy>
                     </sp:SupportingTokens>
                 </wsp:All>
             </wsp:ExactlyOne>
          </wsp:Policy>

I am not getting any error message and the password in request is still in
clear text when I run the sample code from Glen's site. Response still
returns OK.
I was expecting CXF to take care of hashing password automatically but it
still works without returning error message.

It's like <sp:HashPassword/> is optional. Maybe I am missing something.

Thanks
Sam

On 22/08/2013 11:08 p.m., Colm O hEigeartaigh wrote:

Yes it is possible. What policy are you using + what is the error you are
getting?

Colm.


On Thu, Aug 22, 2013 at 11:53 AM, Sam <[email protected]> wrote:

Hi all,

I read in
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.express.doc%2Fae%2Fcwlp_wssec_templates_scenario1.html,
which shows the use of ws-policy for UsernameToken with password digest
(HashPassword) over SSL.

My question is, is it possible to use ws-policy for UsernameToken with
password digest without SSL in CXF?

I am asking as I have been tweaking the WSDL for the usernametoken tutorial
from http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile, to run
without SSL successfully, now I am trying to make it support password digest
without SSL, and without luck.

Thanks
Sam





