Hi Colm, Thanks for the help. I modified the code of callback handler as suggested. The callback handler is called twice for every request with no id once and with id once again. The callback handler should not be called twice for subsequent requests (after initialization) right? Is it not an overhead? Thanks,Venkat
> Date: Thu, 11 Sep 2014 09:04:19 +0100 > Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0 > From: [email protected] > To: [email protected] > > > I am not sure why it needs to be called twice? and what is the purpose of > this extra password? > > As I previously said.... > > The reason the CallbackHandler is being called twice, once without an > identifier, is that the JasyptPasswordEncryptor asks the CallbackHandler > for a password on startup. The JasyptPasswordEncryptor is a new feature in > WSS4J 2.0.0, which allows you to have encrypted passwords in Crypto > properties files. I have merged a fix to WSS4J to only query the > CallbackHandler for a password when it is actually needed. > > Just update your CallbackHandler to not throw an exception if the > identifier is null for now. Your old code will work with the next released > version of CXF. > > Colm. > > On Wed, Sep 10, 2014 at 9:34 PM, venkatesham nalla <[email protected]> > wrote: > > > Hi Colm, > > With the following Callback Handler it is working OK, but still the > > callback handler is called twice for every request. I am not sure why it > > needs to be called twice? and what is the purpose of this extra password? > > public void handle(Callback[] callbacks) throws IOException, > > UnsupportedCallbackException { > > System.out.println("======================="); > > System.out.println("Handle - Callback length = " + callbacks.length); > > System.out.println("======================="); > > System.out.flush(); for (int i = 0; i < callbacks.length; i++) { > > WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; > > String id = pc.getIdentifier(); String > > pass = passwords.get(id); if (pass == null) { > > pass = "doNotKnowWhyThisIsRequired"; } > > if (pass == null) { > > throw new SecurityException ("The UsernameToken '"+pc.getIdentifier()+"' > > can not be authenticated."); } else if (pass != null) > > { pc.setPassword(pass); return; } > > } > > // // Password not found // throw new > > IOException(); } > > > > Thanks,Venkat > > > > From: [email protected] > > To: [email protected] > > Subject: RE: WSS4JStax interceptor issues in Apache CXF 3.0.0 > > Date: Wed, 10 Sep 2014 17:04:18 +0000 > > > > > > > > > > With the Callback Handler code given below it is resulting in same error > > for every request. > > public void handle(Callback[] callbacks) throws IOException, > > UnsupportedCallbackException { for (int i = 0; i < callbacks.length; > > i++) { WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; > > String pass = passwords.get(pc.getIdentifier()); > > if (pass == null) { throw new SecurityException > > ("The UsernameToken '"+pc.getIdentifier()+"' can not be authenticated."); > > } else if (pass != null) { > > pc.setPassword(pass); return; } } > > // // Password not found // throw new > > IOException(); } > > Thanks,Venkat > > Date: Wed, 10 Sep 2014 14:42:52 +0100 > > Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0 > > From: [email protected] > > To: [email protected] > > > > > > You can test by checking out the latest WSS4J + CXF sources + building > > them locally (or waiting until the SNAPSHOTS have deployed to Maven). It's > > a minor issue though...why do you need the fix? It just accepts the > > CallbackHandler for a password + proceeds as normal after that. > > > > Colm. > > > > On Wed, Sep 10, 2014 at 2:41 PM, venkatesham nalla <[email protected]> > > wrote: > > Hi Colm, > > Thanks for the update. How can I get the updated code? > > > > ThxVenkat Nalla > > On Sep 10, 2014, at 5:43 AM, "Colm O hEigeartaigh" <[email protected]> > > wrote: > > > > > > I took another look at this issue. The reason the CallbackHandler is being > > called twice, once without an identifier, is that the > > JasyptPasswordEncryptor asks the CallbackHandler for a password on startup. > > The JasyptPasswordEncryptor is a new feature in WSS4J 2.0.0, which allows > > you to have encrypted passwords in Crypto properties files. I have merged a > > fix to WSS4J to only query the CallbackHandler for a password when it is > > actually needed. > > > > Colm. > > > > On Fri, Aug 22, 2014 at 8:50 AM, Colm O hEigeartaigh <[email protected]> > > wrote: > > > > The logging issue is an interceptor ordering issue that Dan has just fixed > > on trunk. With regards to the password callback issue, could you create a > > test-case that I could take a look at? I don't see anything obviously wrong > > in the code you pasted. > > > > > > Colm. > > > > > > On Thu, Aug 21, 2014 at 7:16 PM, venkatesham nalla <[email protected]> > > wrote: > > > > Hi Colm, > > > > I have tested with CXF 3.0.1 as well and results are same.The SOAP Request > > and Password Callback code are included below. > > > > Yes I have enabled the logging, which does not log outbound message on the > > client side when WSS4JStaxOutInterceptor is used. However the inbound > > message is getting logged. > > > > SOAP Request: > > > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > > <soap:Header> <wsse:Security xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > > soap:mustUnderstand="1"> <wsse:UsernameToken xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > > wsu:Id="G0174fea5-ef7f-435e-8d5f-36a3143ffaa4"> > > <wsse:Username>theUserName</wsse:Username> > > <wsse:Password Type=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>thePassword</wsse:Password> > > </wsse:UsernameToken> </wsse:Security> > > </soap:Header> <soap:Body> <TwowayStructStringRequest xmlns=" > > http://test.com/struct/xsd";> <PerfStructStringArrayVal> > > <Item> > > <StringVal>String</StringVal> > > <DoubleVal>18446744073709551616</DoubleVal> > > <FloatVal>4294967296</FloatVal> > > <CharVal>a</CharVal> > > <LongVal>4294967296</LongVal> > > <ShortVal>65536</ShortVal> </Item> > > </PerfStructStringArrayVal> </TwowayStructStringRequest> > > </soap:Body></soap:Envelope> > > > > > > Password Callback Code (this code works with WS-SecurityPolicy as well as > > WSS4J old interceptors. > > > > public class ServerPasswordCallback implements CallbackHandler { > > > > private Map<String, String> passwords = new HashMap<String, > > String>(); > > > > public ServerPasswordCallback() { passwords.put("theUserName", > > "thePassword"); passwords.put("abcd", "dcba"); } > > > > /** * Here, we attempt to get the password from the private * > > alias/passwords map. */ public void handle(Callback[] callbacks) > > throws IOException, UnsupportedCallbackException { for (int i = 0; i > > < callbacks.length; i++) { WSPasswordCallback pc = > > (WSPasswordCallback)callbacks[i]; > > > > > > String pass = passwords.get(pc.getIdentifier()); > > if (pass == null) { throw new SecurityException > > ("The UsernameToken '"+pc.getIdentifier()+"' can not be authenticated."); > > } else if (pass != null) { > > pc.setPassword(pass); return; } } > > > > > > // // Password not found // throw new > > IOException(); } > > > > /** * Add an alias/password pair to the callback mechanism. > > */ public void setAliasPassword(String alias, String password) { > > passwords.put(alias, password); }} > > > > Client configuration with WSS4JStaxOutInterceptor: > > > > <jaxws:client name="..." createdFromAPI="true"> > > <jaxws:outInterceptors> <bean > > class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor"> > > <constructor-arg> > > <map> <entry key="action" > > value="UsernameToken"/> <entry > > key="user" value="theUserName"/> > > <entry key="passwordType" value="PasswordText"/> > > <entry key="passwordCallbackRef" > > value-ref="clientCallback"/> </map> > > </constructor-arg> </bean> > > </jaxws:outInterceptors> </jaxws:client> <bean id="clientCallback" > > class="com.att.cio.rpcperf.client.ClientPasswordCallback"/> <cxf:bus> > > <cxf:features> <cxf:logging/> > > </cxf:features> </cxf:bus> > > > > > > Thanks,Venkat > > > > > > > > > Date: Thu, 21 Aug 2014 16:33:03 +0100 > > > > > Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0 > > > > > From: [email protected] > > > > > To: [email protected] > > > > > > > > > > Hi, > > > > > > > > > > > 1) The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not > > > > > working. It is throwing the exception. > > > > > > > > > > It was a bug in WSS4J 2.0.0 (SOAP schemas were not included), fixed in > > > > > WSS4J 2.0.1. > > > > > > > > > > > 2) I replaced the WSS4J 2.0.0 jar’s with WSS4J 2.0.1 jar and the > > > > > client side works fine. However with 2.0.0 and 2.0.1 the server > side > > code > > > > > was not getting the User Name in password callback handler when > > > > > WSS4JStaxInInterceptor used, basically > > > > > > “getIdentifier” method returns an empty string. Everything works fine > > > > > with old WSS4J interceptors as well as WS-SecurityPolicy. > > > > > > > > > > This seems odd. Could you paste in what the UsernameToken from the > > message > > > > > looks like, what the CallbackHandler implementation looks like? > > > > > > > > > > > 3) WSS4JStaxOutInterceptor does not log the outbound message when > > > > > the logging enabled. > > > > > > > > > > Do you mean that if you enable the CXF logging interceptors, it doesn't > > log > > > > > the message? WSS4JStaxOutInterceptor itself doesn't log the message. > > > > > > > > > > Colm. > > > > > > > > > > On Wed, Aug 20, 2014 at 7:22 PM, NALLA, VENKAT <[email protected]> wrote: > > > > > > > > > > > Hi Colm, > > > > > > > > > > > > > > > > > > > > > > > > I am using Apache CXF version 3.0.0 and testing JAX-WS services with > > > > > > WS-Security UsernameToken profile with plain password, and running in > > to > > > > > > following issues. Appreciate if you could help in resolving these > > issues. > > > > > > > > > > > > > > > > > > > > > > > > 1) The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not > > > > > > working. It is throwing the exception. > > > > > > > > > > > > a. Exception using Oracle JDK 7 on Windows 7 desktop in the > > > > > > attached file “OracleJDK7WSS4J-2.0.0-ClientException on Win7.txt” > > > > > > > > > > > > b. Exception using IBM JDK 7 on AIX in the attached file > > > > > > “IBMJDK7-WSS4j-2.0.0ClientException on AIX.txt” > > > > > > > > > > > > > > > > > > > > > > > > 2) I replaced the WSS4J 2.0.0 jar’s with WSS4J 2.0.1 jar and the > > > > > > client side works fine. However with 2.0.0 and 2.0.1 the server side > > code > > > > > > was not getting the User Name in password callback handler when > > > > > > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns > > an > > > > > > empty string. Everything works fine with old WSS4J interceptors as > > well as > > > > > > WS-SecurityPolicy. > > > > > > > > > > > > 3) WSS4JStaxOutInterceptor does not log the outbound message when > > > > > > the logging enabled. > > > > > > > > > > > > > > > > > > > > > > > > The server configuration: > > > > > > > > > > > > <jaxws:endpoint name="…" createdFromAPI="true"> > > > > > > > > > > > > <jaxws:inInterceptors> > > > > > > > > > > > > > > > > > > > > > > > > <bean class=" > > > > > > org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor"> > > > > > > > > > > > > < > > > > > > constructor-arg> > > > > > > > > > > > > > > > > > > <map> > > > > > > > > > > > > > > > > > > <entry key="action" value="UsernameToken"/> > > > > > > > > > > > > > > > > > > <entry key="passwordType" value="PasswordText"/> > > > > > > > > > > > > > > > > > > <entry key="passwordCallbackClass" value="...ServerPasswordCallback"/> > > > > > > > > > > > > > > > > > > </map> > > > > > > > > > > > > </ > > > > > > constructor-arg> > > > > > > > > > > > > </bean> > > > > > > > > > > > > </jaxws:inInterceptors> > > > > > > > > > > > > </jaxws:endpoint> > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Venkat > > > > > > > > > > > > -- > > > > > > Colm O hEigeartaigh > > > > > > > > > > > > Talend Community Coder > > > > > > http://coders.talend.com > > > > > > > > > > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
