I built a JAX-WS service with WSS4J on CXF 3.1.6; it works great when I put the
passwords in the properties file as shown below.
But I need to encrypt the password or load it from outside the webapp, so I wrote a
callback handler. It seems to fire only when the properties file also contains the
keystore password and the private key password (usage SIGNATURE).
When I remove the keystore password and private key password settings, I can see
that the callback handler's constructor is called, but the handle method is never
called and I get a "cannot recover key" exception.

Any suggestion is welcome.



applicationContext.xml

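<!-- Outbound WS-Security interceptor: adds a Timestamp and an XML Signature to each request. -->
<bean id="outbound-async-security"
      class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <property name="allowMTOM" value="false"/>
    <constructor-arg>
        <map>
            <!-- NOTE(review): enableSignatureConfirmation is also configured as its own
                 entry at the end of this map; confirm it is meant to appear in the
                 action list as well. -->
            <entry key="action" value="Timestamp Signature enableSignatureConfirmation"/>
            <entry key="handleCustomPasswordTypes" value="true"/>

            <!-- Alias of the signing key. Its private key password is requested from
                 passwordCallbackClass with usage SIGNATURE, unless the crypto properties
                 file supplies a default private key password. -->
            <entry key="signatureUser" value="TestUser:Env"/>
            <entry key="signatureKeyIdentifier" value="DirectReference"/>
            <entry key="signaturePropFile" value="config/client-crypto.properties"/>
            <entry key="passwordCallbackClass"
                   value="com.aitc.ws.security.ClientPasswordCallbackHandler"/>
            <entry key="useSingleCertificate" value="true"/>

            <!-- SHA-1 based signature and digest algorithms are deprecated for new
                 deployments. If the receiving service accepts them, prefer
                 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and
                 http://www.w3.org/2001/04/xmlenc#sha256. -->
            <entry key="signatureAlgorithm"
                   value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <entry key="signatureDigestAlgorithm"
                   value="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <entry key="signatureCanonicalizationAlgorithm"
                   value="http://www.w3.org/2001/10/xml-exc-c14n#"/>

            <!-- Signed elements: Timestamp, SOAP 1.2 Body, BinarySecurityToken and the
                 WS-Addressing Action, MessageID, To and From headers. -->
            <entry key="signatureParts"
                   value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Element}{http://www.w3.org/2005/08/addressing}Action;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}From;"/>
            <entry key="enableSignatureConfirmation" value="true"/>
        </map>
    </constructor-arg>
</bean>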



config/client-crypto.properties


# Merlin crypto settings loaded through the signaturePropFile entry of the interceptor.
# The keys use the legacy org.apache.ws.security prefix; WSS4J 2.x also accepts
# org.apache.wss4j.crypto.merlin.*.
#
# Both passwords below are stored in clear text. Restrict read access to this file
# and keep it out of version control.
# NOTE(review): WSS4J 2.x can read these values in encrypted form, written as ENC(...),
# with the master password requested from the callback handler under usage
# PASSWORD_ENCRYPTOR_PASSWORD - confirm against the WSS4J version bundled with CXF 3.1.6.
org.apache.ws.security.crypto.merlin.keystore.file=config/SignatureKeyStore.jks
# Password that opens the keystore file itself.
org.apache.ws.security.crypto.merlin.keystore.password=testpwd
# Default alias, used when no signing user is configured. The interceptor on this page
# sets signatureUser to "TestUser:Env", which differs from this value - confirm which
# alias the key entry in the keystore actually has.
org.apache.ws.security.crypto.merlin.keystore.alias=testuser:TestUser:Env
# Default password for the private key entry. When this line is removed, the password
# callback (usage SIGNATURE) has to return this key password, not the keystore password.
org.apache.ws.security.crypto.merlin.keystore.private.password=pwdForKey


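/**
 * Client-side password callback for the outbound WSS4J signature interceptor.
 *
 * <p>For usage {@code SIGNATURE}, WSS4J asks this handler for the password that unlocks
 * the private key of the signing alias. That is the key-entry password
 * ({@code keystore.private.password} in the crypto properties file), not the password of
 * the keystore file. Returning the keystore password here makes the key lookup fail
 * with a "cannot recover key" error.
 */
public class ClientPasswordCallbackHandler implements CallbackHandler {

    /** Alias this handler answers for; matches {@code signatureUser} in the interceptor. */
    private static final String SIGNATURE_ALIAS = "TestUser:Env";

    /**
     * Private key password for {@link #SIGNATURE_ALIAS}. This is the sample value from the
     * crypto properties file; a real deployment should load it from a source outside the
     * webapp (protected file, environment, secret store) instead of compiling it in.
     */
    private static final String SIGNATURE_KEY_PASSWORD = "pwdForKey";

    public ClientPasswordCallbackHandler() {
        System.out.println("ClientPasswordCallbackHandler is constructing...");
    }

    /**
     * Supplies the private key password for the configured signing alias.
     *
     * @param callbacks callbacks passed in by WSS4J; may be {@code null} or empty
     * @throws IOException declared by {@link CallbackHandler}; not thrown here
     * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        System.out.println("ClientPasswordCallbackHandler handle is called!, Count:"
                + (callbacks == null ? -1 : callbacks.length));
        if (callbacks == null) {
            // The log line above already tolerates null; the loop must tolerate it too.
            return;
        }

        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                // Report foreign callbacks through the declared exception instead of
                // failing with a ClassCastException.
                throw new UnsupportedCallbackException(callback, "Unrecognized callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Diagnostic output only. The password is deliberately not part of it; the
            // original "Pwd" field printed the identifier a second time.
            System.out.println(String.format("CallbackHandler Usage:%d, Name:%s, Type:%s",
                    pc.getUsage(), pc.getIdentifier(), pc.getType()));

            int usage = pc.getUsage();
            boolean handledUsage = usage == WSPasswordCallback.SIGNATURE
                    || usage == WSPasswordCallback.DECRYPT
                    || usage == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD;

            // Constant-first equals keeps a null identifier from raising a NullPointerException.
            if (handledUsage && SIGNATURE_ALIAS.equals(pc.getIdentifier())) {
                pc.setPassword(SIGNATURE_KEY_PASSWORD);
            }
        }
    }

}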





