cxf-users mailing list archives

From Zarar Siddiqi <zar...@gmail.com>
Subject Re: UsernameToken Authentication with WSS4J
Date Thu, 13 Sep 2007 00:33:29 GMT

You're probably not adding SAAJInInterceptor() to your interceptor chain.



gdprao wrote:
> 
> I am facing a problem with the password comparison using WSS4J
> interceptors.  I see the username and password are passed from the client
> to the server correctly and invoking PasswordCallbackHandler from SOAP
> message logs.  As per my understanding the actual password comparison is
> done by WSS4J.  The problem I am facing is that the service is getting
> invoked even if the passwords are not matching while I am expecting the
> SOAP fault to be thrown. The client is sending the password "test" while
> the server is expecting "test123" for the user "admin".  Here are my logs
> and configuration.  Please let me know if I am missing anything.
> 
> Server side applicationContext-cxf.xml:
> 
> <jaxws:endpoint id="helloWorld"
> 		implementor="com.mydomain.cxfauth.HelloWorldImpl"
> 		address="/HelloWorld">
> 
> 		<jaxws:features>
> 			<bean class="org.apache.cxf.feature.LoggingFeature" />
> 		</jaxws:features>
> 		<jaxws:inInterceptors>
> 			<bean
> 				class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> 			<ref bean="wss4jInConfiguration" />
> 		</jaxws:inInterceptors>
> 	</jaxws:endpoint>
> 	<bean id="wss4jInConfiguration"
> 		class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> 		<property name="properties">
> 			<map>
> 				<entry key="action" value="UsernameToken" />
> 				<entry key="passwordType" value="PasswordText" />
> 				<entry>
> 					<key>
> 						<value>passwordCallbackRef</value>
> 					</key>
> 					<ref bean="passwordCallback" />
> 				</entry>
> 			</map>
> 		</property>
> 	</bean>
> 
> <bean id="passwordCallback"
> class="com.mydomain.cxfauth.interceptors.PasswordCallbackHandler"/>
> 
> Server side Password callback handler:
> 
> public void handle(Callback[] callbacks) throws IOException,
> 			UnsupportedCallbackException {
> 		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
> 		logger.debug("identifier on server: " + pc.getIdentifer());
> 		if (pc.getIdentifer().equals("admin")) {
> 			logger.debug("Inside if: " + pc.getIdentifer());
> 			// set the password on the callback. This will later be compared to the
> 			// password which was sent from the client.
> 			pc.setPassword("test123");
> 		}
> 
> 	}
> 
> Client side client-cxf.xml:
> 
> <bean id="client" class="com.mydomain.cxfauth.HelloWorld"
> 		factory-bean="clientFactory" factory-method="create" />
> 
> 	<bean id="clientFactory"
> 		class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
> 		<property name="serviceClass"
> 			value="com.mydomain.cxfauth.HelloWorld" />
> 		<property name="address"
> 			value="http://localhost:8080/cxfauth/services/HelloWorld" />
> 		<property name="outInterceptors">
> 			<list>
> 				<bean
> 					class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> 				<ref bean="wss4jOutConfiguration" />
> 			</list>
> 		</property>
> 	</bean>
> 	<bean id="wss4jOutConfiguration"
> 		class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> 		<property name="properties">
> 			<map>
> 				<entry key="action" value="UsernameToken" />
> 				<entry key="user" value="admin" />
> 				<entry key="passwordType" value="PasswordText" />
> 				<entry>
> 					<key>
> 						<value>passwordCallbackRef</value>
> 					</key>
> 					<ref bean="passwordCallback" />
> 				</entry>
> 			</map>
> 		</property>
> 	</bean>
> 	<bean id="passwordCallback"
> 		class="com.mydomain.cxfauthclient.interceptors.PasswordCallbackHandler"
> />
> 
> Client side PasswordCallbackHandler:
> 
> public void handle(Callback[] callbacks) throws IOException,
> 			UnsupportedCallbackException {
> 		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
> 		logger.debug("identifier on client: " + pc.getIdentifer());
> 		if (pc.getIdentifer().equals("admin")) {
> 			//set the password on the callback on client side
> 			pc.setPassword("test");
> 		}
> 
> 	}
> 
> 
> Server Log:
> 
> Sep 12, 2007 10:25:21 AM org.apache.cxf.transport.servlet.CXFServlet
> replaceDestionFactory
> INFO: servlet transport factory already registered 
> Sep 12, 2007 10:26:10 AM org.apache.cxf.interceptor.LoggingInInterceptor
> handleMessage
> INFO: Inbound Message
> --------------------------------------
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soap:mustUnderstand="1"><wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="UsernameToken-12741398"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Username
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">admin</wsse:Username><wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">test</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns1:sayHi
> xmlns:ns1="http://cxfauthmydomaincom/"><arg0>Durgaprasad</arg0></ns1:sayHi></soap:Body></soap:Envelope>
> --------------------------------------
> 2007-09-12 10:26:10,728 - DEBUG
> (com.mydomain.cxfauth.interceptors.PasswordCallbackHandler:handle:20) -
> identifier on server: admin
> 2007-09-12 10:26:10,744 - DEBUG
> (com.mydomain.cxfauth.interceptors.PasswordCallbackHandler:handle:22) -
> Inside if: admin
> Sep 12, 2007 10:26:11 AM
> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
> INFO: Outbound Message 
> --------------------------------------
> <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns1:sayHiResponse
> xmlns:ns1="http://cxfauth.mydomain.com/"><return>Welcome, Durgaprasad to
> the CXF web
> services</return></ns1:sayHiResponse></soap:Body></soap:Envelope>
> --------------------------------------
> 
> Client response Log:
> 
> Sep 12, 2007 10:26:09 AM
> org.apache.cxf.service.factory.ReflectionServiceFactoryBean
> buildServiceFromClass
> INFO: Creating Service {http://cxfauth.mydomain.com/}HelloWorldService
> from class com.mydomain.cxfauth.HelloWorld
> 2007-09-12 10:26:10,135 - DEBUG
> (com.mydomain.cxfauthclient.interceptors.PasswordCallbackHandler:handle:20)
> - identifier on client: admin
> 2007-09-12 10:26:11,119 - DEBUG
> (com.mydomain.cxfauthclient.CXFAuthClient:main:21) - Response: Welcome,
> Durgaprasad to the CXF web services
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/UsernameToken-Authentication-with-WSS4J-tf4431064.html#a12646649
Sent from the cxf-user mailing list archive at Nabble.com.

