cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gdprao <gdp...@yahoo.com>
Subject Re: UsernameToken Authentication with WSS4J
Date Wed, 12 Sep 2007 23:49:17 GMT

Hi Zarar,

Thanks for the link.  I have changed my configurations with the
@InInterceptors in the service implementation class and also coded
WSSecurityInterceptor and ValidateUserTokenInterceptor as shown in the blog. 
Still I am getting the following exception when I try to invoke the service.
Any clues are appreciated.

2007-09-12 16:37:43,562 - DEBUG
(com.mydomain.cxfauth.interceptors.WSSecurityInterceptor:handleMessage:25) -
Inside handleMessage() of WSSecurityInterceptor. 
Sep 12, 2007 4:37:43 PM org.apache.cxf.phase.PhaseInterceptorChain
doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: NO_SAAJ_DOC
	at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:116)
	at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:59)
	at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
	at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:73)
	at
org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:78)
	at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:231)
	at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:139)
	at org.apache.cxf.transport.servlet.CXFServlet.invoke(CXFServlet.java:271)
	at org.apache.cxf.transport.servlet.CXFServlet.doPost(CXFServlet.java:249)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
	....

Further, I want to know where the passwords comparison occurs.  From the
following code snippet of ValidateUserTokenInterceptor:

 if (!principal.isPasswordDigest() ||
                            principal.getNonce() == null ||
                            principal.getPassword() == null ||
                            principal.getCreatedTime() == null) {
                        throw new RuntimeException("Invalid Security
Header");
                    } else {

//Where does the passwords compared??

                        userTokenValidated = true;
                    }


Thanks,
Durga




Zarar Siddiqi wrote:
> 
> You'll need a ValidateUserTokenInterceptor as shown here:
> 
> http://arsenalist.com/2007/07/31/cxf-ws-security-using-jsr-181-interceptor-annotations-xfire-migration/
> 
> 
> 
> 
> 
> 
> gdprao wrote:
>> 
>> I am facing a problem with the password comparison using WSS4J
>> interceptors.  I see the username and password are passed from the client
>> to the server correctly and invoking PasswordCallbackHandler from SOAP
>> message logs.  As per my understanding the actual password comparison is
>> done by WSS4J.  The problem I am facing is that the service is getting
>> invoked even if the passwords are not matching while I am expecting the
>> SOAP fault to be thrown. The client is sending the password "test" while
>> the server is expecting "test123" for the user "admin".  Here are my logs
>> and configuration.  Please let me know if I am missing anything.
>> 
>> Server side applicationContext-cxf.xml:
>> 
>> <jaxws:endpoint id="helloWorld"
>> 		implementor="com.mydomain.cxfauth.HelloWorldImpl"
>> 		address="/HelloWorld">
>> 
>> 		<jaxws:features>
>> 			<bean class="org.apache.cxf.feature.LoggingFeature" />
>> 		</jaxws:features>
>> 		<jaxws:inInterceptors>
>> 			<bean
>> 				class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>> 			<ref bean="wss4jInConfiguration" />
>> 		</jaxws:inInterceptors>
>> 	</jaxws:endpoint>
>> 	<bean id="wss4jInConfiguration"
>> 		class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> 		<property name="properties">
>> 			<map>
>> 				<entry key="action" value="UsernameToken" />
>> 				<entry key="passwordType" value="PasswordText" />
>> 				<entry>
>> 					<key>
>> 						<value>passwordCallbackRef</value>
>> 					</key>
>> 					<ref bean="passwordCallback" />
>> 				</entry>
>> 			</map>
>> 		</property>
>> 	</bean>
>> 
>> <bean id="passwordCallback"
>> class="com.mydomain.cxfauth.interceptors.PasswordCallbackHandler"/>
>> 
>> Server side Password callback handler:
>> 
>> public void handle(Callback[] callbacks) throws IOException,
>> 			UnsupportedCallbackException {
>> 		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>> 		logger.debug("identifier on server: " + pc.getIdentifer());
>> 		if (pc.getIdentifer().equals("admin")) {
>> 			logger.debug("Inside if: " + pc.getIdentifer());
>> 			//set the password on the callback. This will later be compared to the
>> password which was sent from the client.
>> 			pc.setPassword("test123");
>> 		}
>> 
>> 	}
>> 
>> Client side client-cxf.xml:
>> 
>> <bean id="client" class="com.mydomain.cxfauth.HelloWorld"
>> 		factory-bean="clientFactory" factory-method="create" />
>> 
>> 	<bean id="clientFactory"
>> 		class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
>> 		<property name="serviceClass"
>> 			value="com.mydomain.cxfauth.HelloWorld" />
>> 		<property name="address"
>> 			value="http://localhost:8080/cxfauth/services/HelloWorld" />
>> 		<property name="outInterceptors">
>> 			<list>
>> 				<bean
>> 					class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>> 				<ref bean="wss4jOutConfiguration" />
>> 			</list>
>> 		</property>
>> 	</bean>
>> 	<bean id="wss4jOutConfiguration"
>> 		class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>> 		<property name="properties">
>> 			<map>
>> 				<entry key="action" value="UsernameToken" />
>> 				<entry key="user" value="admin" />
>> 				<entry key="passwordType" value="PasswordText" />
>> 				<entry>
>> 					<key>
>> 						<value>passwordCallbackRef</value>
>> 					</key>
>> 					<ref bean="passwordCallback" />
>> 				</entry>
>> 			</map>
>> 		</property>
>> 	</bean>
>> 	<bean id="passwordCallback"
>> 		class="com.mydomain.cxfauthclient.interceptors.PasswordCallbackHandler"
>> />
>> 
>> Client side PasswordCallbackHandler:
>> 
>> public void handle(Callback[] callbacks) throws IOException,
>> 			UnsupportedCallbackException {
>> 		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>> 		logger.debug("identifier on client: " + pc.getIdentifer());
>> 		if (pc.getIdentifer().equals("admin")) {
>> 			//set the password on the callback on client side
>> 			pc.setPassword("test");
>> 		}
>> 
>> 	}
>> 
>> 
>> Server Log:
>> 
>> Sep 12, 2007 10:25:21 AM org.apache.cxf.transport.servlet.CXFServlet
>> replaceDestionFactory
>> INFO: servlet transport factory already registered 
>> Sep 12, 2007 10:26:10 AM org.apache.cxf.interceptor.LoggingInInterceptor
>> handleMessage
>> INFO: Inbound Message
>> --------------------------------------
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>> <soap:Header>
>> <wsse:Security
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> soap:mustUnderstand="1"><wsse:UsernameToken
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> wsu:Id="UsernameToken-12741398"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Username
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">admin</wsse:Username><wsse:Password
>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">test</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns1:sayHi
>> xmlns:ns1="http://cxfauthmydomaincom/"><arg0>Durgaprasad</arg0></ns1:sayHi></soap:Body></soap:Envelope>
>> --------------------------------------
>> 2007-09-12 10:26:10,728 - DEBUG
>> (com.mydomain.cxfauth.interceptors.PasswordCallbackHandler:handle:20) -
>> identifier on server: admin
>> 2007-09-12 10:26:10,744 - DEBUG
>> (com.mydomain.cxfauth.interceptors.PasswordCallbackHandler:handle:22) -
>> Inside if: admin
>> Sep 12, 2007 10:26:11 AM
>> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
>> INFO: Outbound Message 
>> --------------------------------------
>> <soap:Envelope
>> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns1:sayHiResponse
>> xmlns:ns1="http://cxfauth.mydomain.com/"><return>Welcome, Durgaprasad to
>> the CXF web
>> services</return></ns1:sayHiResponse></soap:Body></soap:Envelope>
>> --------------------------------------
>> 
>> Client response Log:
>> 
>> Sep 12, 2007 10:26:09 AM
>> org.apache.cxf.service.factory.ReflectionServiceFactoryBean
>> buildServiceFromClass
>> INFO: Creating Service {http://cxfauth.mydomain.com/}HelloWorldService
>> from class com.mydomain.cxfauth.HelloWorld
>> 2007-09-12 10:26:10,135 - DEBUG
>> (com.mydomain.cxfauthclient.interceptors.PasswordCallbackHandler:handle:20)
>> - identifier on client: admin
>> 2007-09-12 10:26:11,119 - DEBUG
>> (com.mydomain.cxfauthclient.CXFAuthClient:main:21) - Response: Welcome,
>> Durgaprasad to the CXF web services
>> 
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/UsernameToken-Authentication-with-WSS4J-tf4431064.html#a12646242
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message