Hi,
I have a CXF Web Service. This service is invoked by lots of 3rd party
systems and some of these use .Net. There is a known issue with .Net
services making the Type attribue on the Password element in UsernameToken
qualified. Luckily the CXF framework provides the property
allowNamespaceQualifiedPasswordTypes to allow these through, however, either
I'm not using this setting correcltly or it is not being set properly by the
framework as I can't get it to work.
<constructor-arg>
<map>
...
<entry key="allowNamespaceQualifiedPasswordTypes"
value="true"/>
</map>
</constructor-arg>
What I've found is that the property is being read from the xbean as if I
give an invalid value, e.g.
<constructor-arg>
<map>
...
<entry key="allowNamespaceQualifiedPasswordTypes"
value="bob"/>
</map>
</constructor-arg>
I get an exception "illegal allowNamespaceQualifiedPasswordTypes parameter"
as I'd expect.
Looking in the code for WSS4JInInterceptor and its super class WSHander
shows that the property is read in the call to (WSHandler) doReceiverAction
in (WSS4JInInterceptor ) handleMessage. The property is set in the
RequestData object's wssConfig. However, I think the property is needed in
the WSSecurityEngine object's wssConfig. If I explicitly set the value in
WSSecurityEngine in handleMessage it works as I want:
getSecurityEngine().getWssConfig().setAllowNamespaceQualifiedPasswordTypes(true);
I don't really want to leave this workaround in as it involves replacing the
WSS4JInInterceptor class in its entirety as I can't adjust the property
otherwise.
Any ideas what I'm doing wrong?
Thanks for your help,
Steve
--
View this message in context:
http://old.nabble.com/allowNamespaceQualifiedPasswordTypes-ignored-tp28240611p28240611.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
