cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anand R <Anand.Ra...@ibsplc.com>
Subject Re: Problem with AbstractUsernameTokenInInterceptor
Date Thu, 03 Feb 2011 10:51:09 GMT
Hi Sergey,

Thanks for your response. I used to get the following exception when I did 
not configure a callback handler. This exception does not come if the 
password is plain text instead of a digest.

org.apache.cxf.interceptor.Fault: General security error 
(WSSecurityEngine: No password callback supplied)
        at 
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:154)
        at 
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:114)
        at 
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:72)
        at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
        at 
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
        at 
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
        at 
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
        at 
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
        at 
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
        at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
        at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: General security 
error (WSSecurityEngine: No password callback supplied)
        at 
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
        at 
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:167)
        at 
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:129)
        ... 24 more
 
 
Thanks and regards,
Anand R 
System Architect 
IBS Software Services Private Limited 
2nd Floor - Left Wing, IBS Towers, Technopark Campus, Trivandrum - 695581, 
Kerala, India
Telephone - +91-471-6614291, Mobile - +91-9846324022 
E-Mail - anand.raman@ibsplc.com, www.ibsplc.com 




From:   Sergey Beryozkin <sberyozkin@gmail.com>
To:     users@cxf.apache.org
Date:   03-02-11 04:08 PM
Subject:        Re: Problem with AbstractUsernameTokenInInterceptor



Hi

On Thu, Feb 3, 2011 at 6:37 AM, Anand R <Anand.Raman@ibsplc.com> wrote:

> Hi,
>
> My requirement is to perform a custom authentication on the username and
> password that I receive as part of the UsernameToken header in the
> incoming SOAP request. I discovered that cxf-2.3.2 provides an
> AbstractUsernameTokenInInterceptor to perform this. I extended this 
class
> and created my interceptor that overrides the createSubject method. When 
I
> configure my interceptor in my beans.xml as shown below, I am getting an
> exception.
>
> This exception comes up when I use a password digest. The plain text
> password works fine. Is there any problem in the way I have configured 
my
> interceptor?
>
>
> Entry in beans.xml
>
>        <jaxws:endpoint id="echo"
> implementor="learn.wssecurity.echo.EchoServiceImpl"
>                wsdlLocation="wsdl/echo/EchoService.wsdl"
> address="/EchoService">
>                <jaxws:inInterceptors>
>                          <bean
> class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/>
>                </jaxws:inInterceptors>
>                <jaxws:properties>
>                        <entry key="ws-security.callback-handler"
> value="learn.wssecurity.echo.ServerPasswordCallback" />
>                        <entry key="ws-security.ut.no-callbacks"
> value="true" />
>                </jaxws:properties>
>        </jaxws:endpoint>
>
>

What is the purpose of registering ServerPasswordCallback ? If you set a
"ws-security.ut.no-callbacks" property then you only need a callback if 
you
have an encrypted UT, so that the UT can be decrypted.
So this callback that you're registering may be interfering in the case 
when
you have a hashed UT token, can you remove it please and see what happens 
?

Cheers, Sergey




>
> Exception
>
> java.lang.SecurityException: Security Token is not available on the
> current message
>        at
>
> 
org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java:
> 88)
>        at
>
> 
org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47)
>        at
>
> 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>        at
>
> 
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
>        at
>
> 
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
>        at
>
> 
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
>        at
>
> 
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
>        at
>
> 
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
>        at
>
> 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
>        at
>
> 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>        at
>
> 
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
>        at
>
> 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>        at
>
> 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at
>
> 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
>        at
>
> 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>        at
>
> 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>        at
>
> 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>        at
>
> 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>        at
> 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
>        at
> 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>        at
>
> 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
>        at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
>        at java.lang.Thread.run(Thread.java:595)
>
> Thanks and regards,
> Anand R
>
>
>
>
>
>
>
> DISCLAIMER:
>
> "The information in this e-mail and any attachment is intended only for
> the person to whom it is addressed and may contain confidential and/or
> privileged material. If you have received this e-mail in error, kindly
> contact the sender and destroy all copies of the original communication.
> IBS makes no warranty, express or implied, nor guarantees the accuracy,
> adequacy or completeness of the information contained in this email or 
any
> attachment and is not liable for any errors, defects, omissions, viruses
> or for resultant loss or damage, if any, direct or indirect."
>
>
>
>
>







DISCLAIMER: 

"The information in this e-mail and any attachment is intended only for 
the person to whom it is addressed and may contain confidential and/or 
privileged material. If you have received this e-mail in error, kindly 
contact the sender and destroy all copies of the original communication. 
IBS makes no warranty, express or implied, nor guarantees the accuracy, 
adequacy or completeness of the information contained in this email or any 
attachment and is not liable for any errors, defects, omissions, viruses 
or for resultant loss or damage, if any, direct or indirect."





Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message