cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kid_79 <chicc...@hotmail.com>
Subject Configuring Xwss and CXF on server side for username token
Date Tue, 10 Feb 2009 17:52:33 GMT

Hi all, 
I'm trying an example with xwss and cxf on server side for username token. I
have this configuration:

wss-server-config.xml 
<xwss:SecurityConfiguration
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
   <xwss:RequireUsernameToken passwordDigestRequired="false"
nonceRequired="false"/>
</xwss:SecurityConfiguration>

my beans.xml is:

<jaxws:endpoint id="orderProcess" implementor="demo.order.OrderProcessImpl" 
	address="/OrderProcess" >
	<jaxws:inInterceptors>
	      <ref bean="wsSecurityInterceptor"/>
	 </jaxws:inInterceptors>
</jaxws:endpoint> 

....

<bean id="wsSecurityInterceptor"
class="com.mypackage.interceptor.server.XwssInInterceptor">
	<property name="policyConfiguration" value="/WEB-INF/wss-server-config.xml"
/>
	<property name="callbackHandlers">
	   <list>
	       <ref bean="passwordValidationHandler" />
	   </list>
	</property>
</bean>

<bean id="passwordValidationHandler"
class="com.mypackage.callback.SimplePasswordValidationCallbackHandler">
	<property name="users">
	       <props>
		<prop key="user">password</prop>
	       </props>
	</property>
</bean>


where wsSecurityInterceptor and passwordValidationHandler are my
implentation!

SimplePasswordValidationCallbackHandler class extends
AbstractCallbackHandler and AbstractCallbackHandler implements
CallbackHandler (javax.security.auth.callback.CallbackHandler)
while XwssInInterceptor class extends AbstractPhaseInterceptor (because cxf
implements this interceptor) 

Now when I have an request from client as:
...
<soapenv:Header>
		<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
			<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="username">
				<wsse:Username>prova</wsse:Username>
				<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
					password
				</wsse:Password>
			</wsse:UsernameToken>
		</wsse:Security>
	</soapenv:Header>
...

in the handleInternal(Callback callback) method of
SimplePasswordValidationCallbackHandler class I have this callback param:
com.sun.xml.wss.impl.callback.SignatureKeyCallback
while I'm thinking that callback param is:
com.sun.xml.wss.impl.callback.PasswordValidationCallback for handle a
username and password.

Where is wrong?
Can you help me?




-- 
View this message in context: http://www.nabble.com/Configuring-Xwss-and-CXF-on-server-side-for-username-token-tp21939026p21939026.html
Sent from the cxf-dev mailing list archive at Nabble.com.


Mime
View raw message