cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Help with custom user credential validator
Date Thu, 10 Oct 2013 15:12:31 GMT
Do you want to send a digest password, or no password at all? If the
former, then you shouldn't have a "NoPassword" policy defined...

Colm.


On Tue, Oct 8, 2013 at 2:06 AM, difrad76 <difrad76@gmail.com> wrote:

> Hello,
>
> Let me start by saying I am new to CXF . I am trying to implement
> WS-Security using latest and greatest release of CXF which is 2.7.7. Also,
> I
> don't use spring framework.
>
> In my wsdl I have  the following code for WS-Security
>
> <wsp:Policy wsu:Id="DoubleItDigestPolicy">
>
>           <sp:ProtectionToken>
>             <wsp:Policy>
>               <sp:UsernameToken
> sp:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> ">
>                         <wsp:Policy>
>
>                           <sp:NoPassword/>
>                         </wsp:Policy>
>               </sp:UsernameToken>
>             </wsp:Policy>
>
>           </sp:ProtectionToken>
>   </wsp:Policy>
>
>
> In cxf-beans.xml bellow I have defined custom CallbackHandler
>
> <jaxws:inInterceptors>
>             <bean
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>                 <constructor-arg>
>                     <map>
>                         <entry key="action" value="UsernameToken" />
>                         <entry key="passwordType" value="PasswordDigest" />
>                         <entry key="passwordCallbackClass"
> value="com.security.ServerPasswordCallback" />
>                     </map>
>                 </constructor-arg>
>             </bean>
>         </jaxws:inInterceptors>
>
> However I am getting the following exceptions
>
> Oct 07, 2013 7:58:19 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
> handleMessage
> WARNING:
> org.apache.ws.security.WSSecurityException: The security token could not be
> authenticated or authorized
>         at
>
> org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:199)
>         at
>
> org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:97)
>         at
>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
>         at
>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
>         at
>
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>         at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
>         at
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>         at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>         at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>         at
>
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
>         at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>         at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>         at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>         at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
>         at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>         at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
>         at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
>         at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
>         at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
>         at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
>         at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
>         at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395)
>         at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250)
>         at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
>         at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166)
>         at
>
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
>         at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>         at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:724)
>
> Oct 07, 2013 7:58:19 PM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for {http://ws.security.com/}ManagerService has
> thrown
> exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: The security token could not be
> authenticated or authorized
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:788)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:336)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>         at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
>         at
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>         at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>         at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>         at
>
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
>         at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>         at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>         at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>         at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
>         at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>         at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
>         at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
>         at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
>         at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
>         at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
>         at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
>         at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395)
>         at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250)
>         at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
>         at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166)
>         at
>
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
>         at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>         at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:724)
> Caused by: org.apache.ws.security.WSSecurityException: The security token
> could not be authenticated or authorized
>         at
>
> org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:199)
>         at
>
> org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:97)
>         at
>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
>         at
>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
>         at
>
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)
>         ... 29 more
>
>
> I think I need to add a custom validator but I am not sure neither how to
> bind it nor which interface to implement. I am sure people had this issue
> before but unfortunately I can't find a good example to send me on my way.
>
> Thank you for your help.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Help-with-custom-user-credential-validator-tp5734798.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message