Hi Colm,
With the following Callback Handler it is working OK, but still the callback
handler is called twice for every request. I am not sure why it needs to be
called twice, and what is the purpose of this extra password?

public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    System.out.println("=======================");
    System.out.println("Handle - Callback length = " + callbacks.length);
    System.out.println("=======================");
    System.out.flush();
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
        String id = pc.getIdentifier();
        String pass = passwords.get(id);
        if (pass == null) {
            pass = "doNotKnowWhyThisIsRequired";
        }
        if (pass == null) {
            throw new SecurityException("The UsernameToken '" + pc.getIdentifier() + "' can not be authenticated.");
        } else if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }
    //
    // Password not found
    //
    throw new IOException();
}

Thanks,
Venkat
From: [email protected]
To: [email protected]
Subject: RE: WSS4JStax interceptor issues in Apache CXF 3.0.0
Date: Wed, 10 Sep 2014 17:04:18 +0000
With the Callback Handler code given below it is resulting in same error for
every request.

public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
        String pass = passwords.get(pc.getIdentifier());
        if (pass == null) {
            throw new SecurityException("The UsernameToken '" + pc.getIdentifier() + "' can not be authenticated.");
        } else if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }
    //
    // Password not found
    //
    throw new IOException();
}

Thanks,
Venkat
Date: Wed, 10 Sep 2014 14:42:52 +0100
Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0
From: [email protected]
To: [email protected]
You can test by checking out the latest WSS4J + CXF sources + building them
locally (or waiting until the SNAPSHOTS have deployed to Maven). It's a minor
issue though...why do you need the fix? It just accepts the CallbackHandler for
a password + proceeds as normal after that.
Colm.
On Wed, Sep 10, 2014 at 2:41 PM, venkatesham nalla <[email protected]> wrote:
Hi Colm,
Thanks for the update. How can I get the updated code?
Thx
Venkat Nalla
On Sep 10, 2014, at 5:43 AM, "Colm O hEigeartaigh" <[email protected]> wrote:
I took another look at this issue. The reason the CallbackHandler is being
called twice, once without an identifier, is that the JasyptPasswordEncryptor
asks the CallbackHandler for a password on startup. The JasyptPasswordEncryptor
is a new feature in WSS4J 2.0.0, which allows you to have encrypted passwords
in Crypto properties files. I have merged a fix to WSS4J to only query the
CallbackHandler for a password when it is actually needed.
Colm.
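
The startup query described above, handled separately from user lookups, as an added example that is not code from the thread or from the WSS4J project: the handler answers the password-encryptor query only when the callback's usage marks it as such, and rejects unknown user names instead of returning a fallback password that any unknown user name would then validate against. The class name and the `crypto.master.password` system property are hypothetical, and that the startup query carries the usage `WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD` is an assumption about WSS4J 2.0.x.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Added example; class name is hypothetical. Needs WSS4J 2.0.x on the classpath.
public class UsageAwarePasswordCallback implements CallbackHandler {

    private final Map<String, String> passwords = new HashMap<String, String>();

    // Hypothetical system property holding the password for encrypted
    // entries in Crypto properties files (the startup query asks for this).
    private final String encryptorPassword =
        System.getProperty("crypto.master.password");

    public UsageAwarePasswordCallback() {
        passwords.put("theUserName", "thePassword"); // sample user from the thread
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Assumption: the identifier-less startup query is marked with this usage.
            if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
                pc.setPassword(encryptorPassword);
                continue;
            }

            // Any other callback is a real credential lookup: fail closed.
            String id = pc.getIdentifier();
            String pass = (id == null) ? null : passwords.get(id);
            if (pass == null) {
                throw new SecurityException(
                    "The UsernameToken '" + id + "' can not be authenticated.");
            }
            pc.setPassword(pass);
        }
    }
}
```
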
On Fri, Aug 22, 2014 at 8:50 AM, Colm O hEigeartaigh <[email protected]>
wrote:
The logging issue is an interceptor ordering issue that Dan has just fixed on
trunk. With regards to the password callback issue, could you create a
test-case that I could take a look at? I don't see anything obviously wrong in
the code you pasted.
Colm.
On Thu, Aug 21, 2014 at 7:16 PM, venkatesham nalla <[email protected]> wrote:
Hi Colm,
I have tested with CXF 3.0.1 as well and results are same. The SOAP Request and
Password Callback code are included below.
Yes I have enabled the logging, which does not log outbound message on the
client side when WSS4JStaxOutInterceptor is used. However the inbound message
is getting logged.
SOAP Request:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            soap:mustUnderstand="1">
            <wsse:UsernameToken
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="G0174fea5-ef7f-435e-8d5f-36a3143ffaa4">
                <wsse:Username>theUserName</wsse:Username>
                <wsse:Password
                    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">thePassword</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body>
        <TwowayStructStringRequest xmlns="http://test.com/struct/xsd">
            <PerfStructStringArrayVal>
                <Item>
                    <StringVal>String</StringVal>
                    <DoubleVal>18446744073709551616</DoubleVal>
                    <FloatVal>4294967296</FloatVal>
                    <CharVal>a</CharVal>
                    <LongVal>4294967296</LongVal>
                    <ShortVal>65536</ShortVal>
                </Item>
            </PerfStructStringArrayVal>
        </TwowayStructStringRequest>
    </soap:Body>
</soap:Envelope>

Password Callback Code (this code works with WS-SecurityPolicy as well as WSS4J
old interceptors):

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    private Map<String, String> passwords = new HashMap<String, String>();

    public ServerPasswordCallback() {
        passwords.put("theUserName", "thePassword");
        passwords.put("abcd", "dcba");
    }

    /**
     * Here, we attempt to get the password from the private
     * alias/passwords map.
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
            String pass = passwords.get(pc.getIdentifier());
            if (pass == null) {
                throw new SecurityException("The UsernameToken '" + pc.getIdentifier() + "' can not be authenticated.");
            } else if (pass != null) {
                pc.setPassword(pass);
                return;
            }
        }
        //
        // Password not found
        //
        throw new IOException();
    }

    /**
     * Add an alias/password pair to the callback mechanism.
     */
    public void setAliasPassword(String alias, String password) {
        passwords.put(alias, password);
    }
}

Client configuration with WSS4JStaxOutInterceptor:

<jaxws:client name="..." createdFromAPI="true">
    <jaxws:outInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="UsernameToken"/>
                    <entry key="user" value="theUserName"/>
                    <entry key="passwordType" value="PasswordText"/>
                    <entry key="passwordCallbackRef" value-ref="clientCallback"/>
                </map>
            </constructor-arg>
        </bean>
    </jaxws:outInterceptors>
</jaxws:client>
<bean id="clientCallback" class="com.att.cio.rpcperf.client.ClientPasswordCallback"/>
<cxf:bus>
    <cxf:features>
        <cxf:logging/>
    </cxf:features>
</cxf:bus>

Thanks,
Venkat
> Date: Thu, 21 Aug 2014 16:33:03 +0100
> Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0
> From: [email protected]
> To: [email protected]
>
> Hi,
>
> > 1) The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not
> > working. It is throwing the exception.
>
> It was a bug in WSS4J 2.0.0 (SOAP schemas were not included), fixed in
> WSS4J 2.0.1.
>
> > 2) I replaced the WSS4J 2.0.0 jars with WSS4J 2.0.1 jar and the
> > client side works fine. However with 2.0.0 and 2.0.1 the server side code
> > was not getting the User Name in password callback handler when
> > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns an
> > empty string. Everything works fine with old WSS4J interceptors as well as
> > WS-SecurityPolicy.
>
> This seems odd. Could you paste in what the UsernameToken from the message
> looks like, what the CallbackHandler implementation looks like?
>
> > 3) WSS4JStaxOutInterceptor does not log the outbound message when
> > the logging enabled.
>
> Do you mean that if you enable the CXF logging interceptors, it doesn't log
> the message? WSS4JStaxOutInterceptor itself doesn't log the message.
>
> Colm.
>
> On Wed, Aug 20, 2014 at 7:22 PM, NALLA, VENKAT <[email protected]> wrote:
>
> > Hi Colm,
> >
> >
> >
> > I am using Apache CXF version 3.0.0 and testing JAX-WS services with
> > WS-Security UsernameToken profile with plain password, and running into the
> > following issues. I would appreciate it if you could help in resolving these issues.
> >
> >
> >
> > 1) The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not
> > working. It is throwing the exception.
> >
> > a. Exception using Oracle JDK 7 on Windows 7 desktop in the
> > attached file “OracleJDK7WSS4J-2.0.0-ClientException on Win7.txt”
> >
> > b. Exception using IBM JDK 7 on AIX in the attached file
> > “IBMJDK7-WSS4j-2.0.0ClientException on AIX.txt”
> >
> >
> >
> > 2) I replaced the WSS4J 2.0.0 jars with WSS4J 2.0.1 jar and the
> > client side works fine. However with 2.0.0 and 2.0.1 the server side code
> > was not getting the User Name in password callback handler when
> > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns an
> > empty string. Everything works fine with old WSS4J interceptors as well as
> > WS-SecurityPolicy.
> >
> > 3) WSS4JStaxOutInterceptor does not log the outbound message when
> > the logging enabled.
> >
> >
> >
> > The server configuration:
> >
> > <jaxws:endpoint name="…" createdFromAPI="true">
> >     <jaxws:inInterceptors>
> >         <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
> >             <constructor-arg>
> >                 <map>
> >                     <entry key="action" value="UsernameToken"/>
> >                     <entry key="passwordType" value="PasswordText"/>
> >                     <entry key="passwordCallbackClass" value="...ServerPasswordCallback"/>
> >                 </map>
> >             </constructor-arg>
> >         </bean>
> >     </jaxws:inInterceptors>
> > </jaxws:endpoint>
> >
> >
> >
> > Thanks,
> >
> > Venkat
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >