I took another look at this issue. The reason the CallbackHandler is being
called twice, once without an identifier, is that the
JasyptPasswordEncryptor asks the CallbackHandler for a password on startup.
The JasyptPasswordEncryptor is a new feature in WSS4J 2.0.0, which allows
you to have encrypted passwords in Crypto properties files. I have merged a
fix to WSS4J to only query the CallbackHandler for a password when it is
actually needed.

Colm.

On Fri, Aug 22, 2014 at 8:50 AM, Colm O hEigeartaigh <[email protected]>
wrote:

>
> The logging issue is an interceptor ordering issue that Dan has just fixed
> on trunk. With regards to the password callback issue, could you create a
> test-case that I could take a look at? I don't see anything obviously wrong
> in the code you pasted.
>
> Colm.
>
>
> On Thu, Aug 21, 2014 at 7:16 PM, venkatesham nalla <[email protected]>
> wrote:
>
>> Hi Colm,
>> I have tested with CXF 3.0.1 as well and results are same. The SOAP
>> Request and Password Callback code are included below.
>> Yes I have enabled the logging, which does not log outbound message on
>> the client side when WSS4JStaxOutInterceptor is used. However the inbound
>> message is getting logged.
>> SOAP Request:
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>   <soap:Header>
>>     <wsse:Security
>>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>         soap:mustUnderstand="1">
>>       <wsse:UsernameToken
>>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>           wsu:Id="G0174fea5-ef7f-435e-8d5f-36a3143ffaa4">
>>         <wsse:Username>theUserName</wsse:Username>
>>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">thePassword</wsse:Password>
>>       </wsse:UsernameToken>
>>     </wsse:Security>
>>   </soap:Header>
>>   <soap:Body>
>>     <TwowayStructStringRequest xmlns="http://test.com/struct/xsd">
>>       <PerfStructStringArrayVal>
>>         <Item>
>>           <StringVal>String</StringVal>
>>           <DoubleVal>18446744073709551616</DoubleVal>
>>           <FloatVal>4294967296</FloatVal>
>>           <CharVal>a</CharVal>
>>           <LongVal>4294967296</LongVal>
>>           <ShortVal>65536</ShortVal>
>>         </Item>
>>       </PerfStructStringArrayVal>
>>     </TwowayStructStringRequest>
>>   </soap:Body>
>> </soap:Envelope>
>> Password Callback Code (this code works with WS-SecurityPolicy as well as
>> WSS4J old interceptors):
>> import java.io.IOException;
>> import java.util.HashMap;
>> import java.util.Map;
>> import javax.security.auth.callback.Callback;
>> import javax.security.auth.callback.CallbackHandler;
>> import javax.security.auth.callback.UnsupportedCallbackException;
>> import org.apache.wss4j.common.ext.WSPasswordCallback;
>>
>> public class ServerPasswordCallback implements CallbackHandler {
>>
>>     private Map<String, String> passwords = new HashMap<String, String>();
>>
>>     public ServerPasswordCallback() {
>>         passwords.put("theUserName", "thePassword");
>>         passwords.put("abcd", "dcba");
>>     }
>>
>>     /**
>>      * Here, we attempt to get the password from the private
>>      * alias/passwords map.
>>      */
>>     public void handle(Callback[] callbacks)
>>             throws IOException, UnsupportedCallbackException {
>>         for (int i = 0; i < callbacks.length; i++) {
>>             WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
>>             String pass = passwords.get(pc.getIdentifier());
>>             if (pass == null) {
>>                 throw new SecurityException("The UsernameToken '"
>>                     + pc.getIdentifier() + "' can not be authenticated.");
>>             }
>>             else if (pass != null) {
>>                 pc.setPassword(pass);
>>                 return;
>>             }
>>         }
>>         //
>>         // Password not found
>>         //
>>         throw new IOException();
>>     }
>>
>>     /**
>>      * Add an alias/password pair to the callback mechanism.
>>      */
>>     public void setAliasPassword(String alias, String password) {
>>         passwords.put(alias, password);
>>     }
>> }
>> Client configuration with WSS4JStaxOutInterceptor:
>> <jaxws:client name="..." createdFromAPI="true">
>>   <jaxws:outInterceptors>
>>     <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor">
>>       <constructor-arg>
>>         <map>
>>           <entry key="action" value="UsernameToken"/>
>>           <entry key="user" value="theUserName"/>
>>           <entry key="passwordType" value="PasswordText"/>
>>           <entry key="passwordCallbackRef" value-ref="clientCallback"/>
>>         </map>
>>       </constructor-arg>
>>     </bean>
>>   </jaxws:outInterceptors>
>> </jaxws:client>
>> <bean id="clientCallback" class="com.att.cio.rpcperf.client.ClientPasswordCallback"/>
>> <cxf:bus>
>>   <cxf:features>
>>     <cxf:logging/>
>>   </cxf:features>
>> </cxf:bus>
>> Thanks,
>> Venkat
>>
>> > Date: Thu, 21 Aug 2014 16:33:03 +0100
>> > Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0
>> > From: [email protected]
>> > To: [email protected]
>> >
>> > Hi,
>> >
>> > > 1)      The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not
>> > > working. It is throwing the exception.
>> >
>> > It was a bug in WSS4J 2.0.0 (SOAP schemas were not included), fixed in
>> > WSS4J 2.0.1.
>> >
>> > > 2)      I replaced the WSS4J 2.0.0 jars with WSS4J 2.0.1 jar and the
>> > > client side works fine. However with 2.0.0 and 2.0.1 the server side code
>> > > was not getting the User Name in password callback handler when
>> > > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns an
>> > > empty string. Everything works fine with old WSS4J interceptors as well as
>> > > WS-SecurityPolicy.
>> >
>> > This seems odd. Could you paste in what the UsernameToken from the message
>> > looks like, what the CallbackHandler implementation looks like?
>> >
>> > > 3)      WSS4JStaxOutInterceptor does not log the outbound message when
>> > > the logging enabled.
>> >
>> > Do you mean that if you enable the CXF logging interceptors, it doesn't log
>> > the message? WSS4JStaxOutInterceptor itself doesn't log the message.
>> >
>> > Colm.
>> >
>> > On Wed, Aug 20, 2014 at 7:22 PM, NALLA, VENKAT <[email protected]> wrote:
>> >
>> > >  Hi Colm,
>> > >
>> > >
>> > >
>> > > I am using Apache CXF version 3.0.0 and testing JAX-WS services with
>> > > WS-Security UsernameToken profile with plain password, and running into
>> > > the following issues. Appreciate if you could help in resolving these issues.
>> > >
>> > >
>> > >
>> > > 1)      The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not
>> > > working. It is throwing the exception.
>> > >
>> > > a.       Exception using Oracle JDK 7 on Windows 7 desktop in the
>> > > attached file “OracleJDK7WSS4J-2.0.0-ClientException on Win7.txt”
>> > >
>> > > b.      Exception using IBM JDK 7 on AIX in the attached file
>> > > “IBMJDK7-WSS4j-2.0.0ClientException on AIX.txt”
>> > >
>> > >
>> > >
>> > > 2)      I replaced the WSS4J 2.0.0 jars with WSS4J 2.0.1 jar and the
>> > > client side works fine. However with 2.0.0 and 2.0.1 the server side code
>> > > was not getting the User Name in password callback handler when
>> > > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns an
>> > > empty string. Everything works fine with old WSS4J interceptors as well as
>> > > WS-SecurityPolicy.
>> > >
>> > > 3)      WSS4JStaxOutInterceptor does not log the outbound message when
>> > > the logging enabled.
>> > >
>> > >
>> > >
>> > > The server configuration:
>> > >
>> > > <jaxws:endpoint name="…" createdFromAPI="true">
>> > >   <jaxws:inInterceptors>
>> > >     <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
>> > >       <constructor-arg>
>> > >         <map>
>> > >           <entry key="action" value="UsernameToken"/>
>> > >           <entry key="passwordType" value="PasswordText"/>
>> > >           <entry key="passwordCallbackClass" value="...ServerPasswordCallback"/>
>> > >         </map>
>> > >       </constructor-arg>
>> > >     </bean>
>> > >   </jaxws:inInterceptors>
>> > > </jaxws:endpoint>
>> > >
>> > >
>> > >
>> > > Thanks,
>> > >
>> > > Venkat
>> > >
>> > > --
>> > > Colm O hEigeartaigh
>> > >
>> > > Talend Community Coder
>> > > http://coders.talend.com
>> > >
>> > >
>>
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
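
Added example, not code from this thread or from the WSS4J or CXF projects: a server-side CallbackHandler that tolerates the identifier-less startup query described at the top of this message instead of throwing on it. The class name UsageAwarePasswordCallback and the sample credential are assumptions, and it assumes the WSS4J 2.x package org.apache.wss4j.common.ext is on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Hypothetical class name; illustrative only.
public class UsageAwarePasswordCallback implements CallbackHandler {

    private final Map<String, String> passwords = new ConcurrentHashMap<>();

    public UsageAwarePasswordCallback() {
        // Constructed sample credential, matching the one used in the thread.
        passwords.put("theUserName", "thePassword");
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Reject callback types this handler does not understand rather
            // than failing with a ClassCastException.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unsupported callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Only UsernameToken lookups are answered. Any other usage, such as
            // the startup query that carries no identifier, gets no password.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                continue;
            }

            // Never look up (or authenticate) a missing or empty user name.
            String identifier = pc.getIdentifier();
            if (identifier == null || identifier.isEmpty()) {
                continue;
            }

            // Unknown users get no password set; the handler relies on the
            // WSS4J validator to fail authentication when none is supplied.
            String password = passwords.get(identifier);
            if (password != null) {
                pc.setPassword(password);
            }
        }
    }
}
```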
