The logging issue is an interceptor ordering issue that Dan has just fixed on trunk. With regards to the password callback issue, could you create a test-case that I could take a look at? I don't see anything obviously wrong in the code you pasted.
Colm. On Thu, Aug 21, 2014 at 7:16 PM, venkatesham nalla <[email protected]> wrote: > Hi Colm, > I have tested with CXF 3.0.1 as well and results are same.The SOAP Request > and Password Callback code are included below. > Yes I have enabled the logging, which does not log outbound message on the > client side when WSS4JStaxOutInterceptor is used. However the inbound > message is getting logged. > SOAP Request: > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> <wsse:Security xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > soap:mustUnderstand="1"> <wsse:UsernameToken xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="G0174fea5-ef7f-435e-8d5f-36a3143ffaa4"> > <wsse:Username>theUserName</wsse:Username> > <wsse:Password Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>thePassword</wsse:Password> > </wsse:UsernameToken> </wsse:Security> > </soap:Header> <soap:Body> <TwowayStructStringRequest xmlns=" > http://test.com/struct/xsd";> <PerfStructStringArrayVal> > <Item> > <StringVal>String</StringVal> > <DoubleVal>18446744073709551616</DoubleVal> > <FloatVal>4294967296</FloatVal> > <CharVal>a</CharVal> > <LongVal>4294967296</LongVal> > <ShortVal>65536</ShortVal> </Item> > </PerfStructStringArrayVal> </TwowayStructStringRequest> > </soap:Body></soap:Envelope> > Password Callback Code (this code works with WS-SecurityPolicy as well as > WSS4J old interceptors. > public class ServerPasswordCallback implements CallbackHandler { > private Map<String, String> passwords = new HashMap<String, > String>(); > public ServerPasswordCallback() { passwords.put("theUserName", > "thePassword"); passwords.put("abcd", "dcba"); } > /** * Here, we attempt to get the password from the private * > alias/passwords map. */ public void handle(Callback[] callbacks) > throws IOException, UnsupportedCallbackException { for (int i = 0; i > < callbacks.length; i++) { WSPasswordCallback pc = > (WSPasswordCallback)callbacks[i]; > String pass = passwords.get(pc.getIdentifier()); > if (pass == null) { throw new SecurityException > ("The UsernameToken '"+pc.getIdentifier()+"' can not be authenticated."); > } else if (pass != null) { > pc.setPassword(pass); return; } } > // // Password not found // throw new > IOException(); } > /** * Add an alias/password pair to the callback mechanism. > */ public void setAliasPassword(String alias, String password) { > passwords.put(alias, password); }} > Client configuration with WSS4JStaxOutInterceptor: > <jaxws:client name="..." createdFromAPI="true"> > <jaxws:outInterceptors> <bean > class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor"> > <constructor-arg> > <map> <entry key="action" > value="UsernameToken"/> <entry > key="user" value="theUserName"/> > <entry key="passwordType" value="PasswordText"/> > <entry key="passwordCallbackRef" > value-ref="clientCallback"/> </map> > </constructor-arg> </bean> > </jaxws:outInterceptors> </jaxws:client> <bean id="clientCallback" > class="com.att.cio.rpcperf.client.ClientPasswordCallback"/> <cxf:bus> > <cxf:features> <cxf:logging/> > </cxf:features> </cxf:bus> > Thanks,Venkat > > > Date: Thu, 21 Aug 2014 16:33:03 +0100 > > Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0 > > From: [email protected] > > To: [email protected] > > > > Hi, > > > > > 1) The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not > > working. It is throwing the exception. > > > > It was a bug in WSS4J 2.0.0 (SOAP schemas were not included), fixed in > > WSS4J 2.0.1. > > > > > 2) I replaced the WSS4J 2.0.0 jar’s with WSS4J 2.0.1 jar and the > > client side works fine. However with 2.0.0 and 2.0.1 the server > side > code > > was not getting the User Name in password callback handler when > > WSS4JStaxInInterceptor used, basically > > > “getIdentifier” method returns an empty string. Everything works fine > > with old WSS4J interceptors as well as WS-SecurityPolicy. > > > > This seems odd. Could you paste in what the UsernameToken from the > message > > looks like, what the CallbackHandler implementation looks like? > > > > > 3) WSS4JStaxOutInterceptor does not log the outbound message when > > the logging enabled. > > > > Do you mean that if you enable the CXF logging interceptors, it doesn't > log > > the message? WSS4JStaxOutInterceptor itself doesn't log the message. > > > > Colm. > > > > On Wed, Aug 20, 2014 at 7:22 PM, NALLA, VENKAT <[email protected]> wrote: > > > > > Hi Colm, > > > > > > > > > > > > I am using Apache CXF version 3.0.0 and testing JAX-WS services with > > > WS-Security UsernameToken profile with plain password, and running in > to > > > following issues. Appreciate if you could help in resolving these > issues. > > > > > > > > > > > > 1) The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not > > > working. It is throwing the exception. > > > > > > a. Exception using Oracle JDK 7 on Windows 7 desktop in the > > > attached file “OracleJDK7WSS4J-2.0.0-ClientException on Win7.txt” > > > > > > b. Exception using IBM JDK 7 on AIX in the attached file > > > “IBMJDK7-WSS4j-2.0.0ClientException on AIX.txt” > > > > > > > > > > > > 2) I replaced the WSS4J 2.0.0 jar’s with WSS4J 2.0.1 jar and the > > > client side works fine. However with 2.0.0 and 2.0.1 the server side > code > > > was not getting the User Name in password callback handler when > > > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns > an > > > empty string. Everything works fine with old WSS4J interceptors as > well as > > > WS-SecurityPolicy. > > > > > > 3) WSS4JStaxOutInterceptor does not log the outbound message when > > > the logging enabled. > > > > > > > > > > > > The server configuration: > > > > > > <jaxws:endpoint name="…" createdFromAPI="true"> > > > > > > <jaxws:inInterceptors> > > > > > > > > > > > > <bean class=" > > > org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor"> > > > > > > < > > > constructor-arg> > > > > > > > > > <map> > > > > > > > > > <entry key="action" value="UsernameToken"/> > > > > > > > > > <entry key="passwordType" value="PasswordText"/> > > > > > > > > > <entry key="passwordCallbackClass" value="...ServerPasswordCallback"/> > > > > > > > > > </map> > > > > > > </ > > > constructor-arg> > > > > > > </bean> > > > > > > </jaxws:inInterceptors> > > > > > > </jaxws:endpoint> > > > > > > > > > > > > Thanks, > > > > > > Venkat > > > > > > -- > > > Colm O hEigeartaigh > > > > > > Talend Community Coder > > > http://coders.talend.com > > > > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
