Date: Thu, 3 Feb 2011 11:12:04 +0000
Subject: Re: Problem with AbstractUsernameTokenInInterceptor
From: Sergey Beryozkin
To: users@cxf.apache.org

Hi

What WS-Security namespace is being used in the request?
If the "ws-security.ut.no-callbacks" is set to true then the
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor should not be
invoked because it does currently require a callback for hashed UTs.

So if the property is set then the WSS4JInInterceptor registers a custom
UsernameTokenProcessor for
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
and "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd".

Thanks, Sergey

On Thu, Feb 3, 2011 at 10:51 AM, Anand R wrote:

> Hi Sergey,
>
> Thanks for your response. I used to get the following exception when I did
> not configure a callback handler. This exception does not come if the
> password is plain text instead of a digest.
>
> org.apache.cxf.interceptor.Fault: General security error (WSSecurityEngine: No password callback supplied)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:154)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:114)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:72)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
>     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
>     at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
>     at java.lang.Thread.run(Thread.java:595)
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
>     at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:167)
>     at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:129)
>     ... 24 more
>
> Thanks and regards,
> Anand R
>
> From: Sergey Beryozkin
> To: users@cxf.apache.org
> Date: 03-02-11 04:08 PM
> Subject: Re: Problem with AbstractUsernameTokenInInterceptor
>
> Hi
>
> On Thu, Feb 3, 2011 at 6:37 AM, Anand R wrote:
>
> > Hi,
> >
> > My requirement is to perform a custom authentication on the username and
> > password that I receive as part of the UsernameToken header in the
> > incoming SOAP request. I discovered that cxf-2.3.2 provides an
> > AbstractUsernameTokenInInterceptor to perform this. I extended this class
> > and created my interceptor that overrides the createSubject method. When I
> > configure my interceptor in my beans.xml as shown below, I am getting an
> > exception.
> >
> > This exception comes up when I use a password digest. The plain text
> > password works fine. Is there any problem in the way I have configured my
> > interceptor?
> >
> > Entry in beans.xml
> >
> > implementor="learn.wssecurity.echo.EchoServiceImpl"
> > wsdlLocation="wsdl/echo/EchoService.wsdl"
> > address="/EchoService">
> >
> > class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/>
> >
> > value="learn.wssecurity.echo.ServerPasswordCallback" />
> > value="true" />
> >
>
> What is the purpose of registering ServerPasswordCallback? If you set a
> "ws-security.ut.no-callbacks" property then you only need a callback if you
> have an encrypted UT, so that the UT can be decrypted.
> So this callback that you're registering may be interfering in the case when
> you have a hashed UT token, can you remove it please and see what happens?
>
> Cheers, Sergey
>
> > Exception
> >
> > java.lang.SecurityException: Security Token is not available on the current message
> >     at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java:88)
> >     at org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
> >     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
> >     at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> >     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
> >     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
> >     at java.lang.Thread.run(Thread.java:595)
> >
> > Thanks and regards,
> > Anand R
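
Why a hashed (digest) UsernameToken cannot be checked without the user's password on the server side, shown as an added example that is not part of the thread and is not CXF or WSS4J code: the UsernameToken Profile defines the digest as Base64(SHA-1(nonce + created + password)), so the receiver has to recompute it from the password it holds. The class and method names are hypothetical, the sample values are constructed, and only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example (hypothetical names): recompute and check a PasswordDigest.
public class UsernameTokenDigestCheck {

    // Password_Digest = Base64(SHA-1(nonce + created + password)), where
    // nonce is the Base64-decoded content of the wsse:Nonce element.
    static String computeDigest(String nonceB64, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // True only if the received digest equals the one derived from the
    // password stored for the user; the comparison is constant-time.
    static boolean verify(String receivedDigestB64, String nonceB64,
                          String created, String storedPassword)
            throws NoSuchAlgorithmException {
        if (receivedDigestB64 == null || nonceB64 == null
                || created == null || storedPassword == null) {
            return false;
        }
        try {
            byte[] expected = Base64.getDecoder().decode(
                    computeDigest(nonceB64, created, storedPassword));
            byte[] received = Base64.getDecoder().decode(receivedDigestB64);
            return MessageDigest.isEqual(expected, received);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 in the nonce or the digest
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample token values, standing in for a parsed header.
        String nonce = Base64.getEncoder().encodeToString(
                "constructed-nonce-01".getBytes(StandardCharsets.UTF_8));
        String created = "2011-02-03T11:12:04Z";
        String digestFromClient = computeDigest(nonce, created, "secret");
        System.out.println(verify(digestFromClient, nonce, created, "secret"));
        System.out.println(verify(digestFromClient, nonce, created, "wrong"));
        System.out.println(verify("not base64!", nonce, created, "secret"));
    }
}
```

A digest that verifies only proves knowledge of the password at some point, so a receiver should also reject stale Created timestamps and nonces it has already seen.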