cxf-users mailing list archives

From David Zhang <zhng...@hotmail.com>
Subject Re: UsernameToken JBoss Integration
Date Fri, 01 Apr 2011 05:38:26 GMT
Hello Sergey,

If I remove the password callback, I get another error message:
General security error (WSSecurityEngine: Callback supplied no password for: myAlias)

The keystore.properties file contains only the password for the keystore, not for the private
key inside the keystore. Also, I cannot find a way to create a private key without a password
with the Java keytool.

Is there another way to provide the password besides the password callback? Is there maybe
a property in the keystore.properties file? I cannot find a suitable property in this list:
http://cxf.apache.org/docs/ws-securitypolicy.html

This is the content of the keystore.properties. The ${}-parts are replaced by maven with actual
values:


org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=${keystore.password}
org.apache.ws.security.crypto.merlin.keystore.alias=${certificate.alias}
org.apache.ws.security.crypto.merlin.file=${keystore.path}



Thank you
David

-----Original Message-----
From: Sergey Beryozkin 
Sent: Thursday, March 31, 2011 10:21 PM 
To: users@cxf.apache.org 
Subject: Re: UsernameToken JBoss Integration 

Hi -

You don't need a password callback in this case.

Cheers, Sergey

On Thu, Mar 31, 2011 at 7:42 PM, David Zhang <zhngdvd@hotmail.com> wrote:

> Hi Sergey,
>
> thank you very much for taking the time to help me.
> I have set the property you mentioned. Look, this is my configuration:
>
>
> <jaxws:endpoint id="SecureServiceBean"
>     address="/example-ejb/SecureService"
>     implementor="com.example.SecureServiceBean">
>   <jaxws:invoker>
>     <bean class="org.jboss.wsf.stack.cxf.InvokerEJB3" />
>   </jaxws:invoker>
>   <jaxws:inInterceptors>
>     <bean class="com.example.AuthenticationInterceptor1"/>
>   </jaxws:inInterceptors>
>   <jaxws:properties>
>     <entry key="ws-security.ut.no-callbacks" value="true" />
>     <!--<entry key="ws-security.validate.token" value="false" />-->
>     <entry key="ws-security.signature.properties" value="keystore.properties" />
>     <entry key="ws-security.encryption.properties" value="keystore.properties" />
>     <entry key="ws-security.callback-handler" value="com.example.PasswordCallback" />
>   </jaxws:properties>
> </jaxws:endpoint>
>
> Where com.example.AuthenticationInterceptor1 extends
> AbstractUsernameTokenInInterceptor.
> This results in:
> 12:01:12,770 ERROR
> [org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor]
> Security Token is not available on the current message
>
> Thanks
> David
>
>
> -----Original Message-----
> From: Sergey Beryozkin
> Sent: Thursday, March 31, 2011 11:06 AM
> To: users@cxf.apache.org
> Subject: Re: UsernameToken JBoss Integration
>
> Hi
>
> Please check this section:
>
>
> http://cxf.apache.org/docs/security.html#Security-WSSecurityUsernameTokenandCustomAuthentication
>
> In 2.3.x you have to set a "ws-security.ut.no-callbacks" property and this
> will ensure AbstractUserNameTokenInterceptor can be used.
>
> Setting this property results in WSS4JInInterceptor duplicating WSS4J
> specific UT into CXF specific UsernameToken which is what
> AbstractUserNameTokenInterceptor is checking.
>
> Cheers, Sergey
>
> On Thu, Mar 31, 2011 at 8:42 AM, David Zhang <zhngdvd@hotmail.com> wrote:
>
> > Hello,
> >
> > I have a web service with symmetric binding and a self-signed server
> > certificate.
> >
> > I implemented a password callback handler for the password to the private
> > key of the server.
> >
> > Now I want to add authentication with a username token. So I added a
> > supporting token to the WS-Security policy.
> >
> > To this point everything works fine. The server gets an encrypted request
> > with a username token.
> >
> > My concern is that I do not want to do the authentication in my
> > application. I want to integrate the username token with JBoss Security.
> >
> > So I followed these instructions:
> > http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#Authentication_and_authorization
> >
> > However, it did not work. I used a debugger to check and I saw the
> > authentication interceptor was created when my app was deployed, but it was
> > never called on a client request.
> >
> > Later I found this:
> > http://svn.apache.org/repos/asf/cxf/tags/cxf-2.3.3/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleSubjectCreatingInterceptor.java
> >
> > I implemented an interceptor following that example. I put a breakpoint on
> > the createSubject method. It was never called.
> >
> > Then I followed this example:
> > http://svn.apache.org/repos/asf/cxf/tags/cxf-2.3.3/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/SimpleUsernameTokenInterceptor.java
> >
> > At least I know this interceptor was called. But it produced an error
> > before the createSubject method was called. The error says: Security Token
> > is not available on the current message
> >
> > But this cannot be true, because then I removed the interceptor, removed
> > the property ws-security.ut.no-callbacks, and on the next request my password
> > callback handler was called with the username I set on the client.
> >
> > Please, can anybody explain to me what I am doing wrong?
> >
> > Thanks
> >
> > David
>
>
>
>
> --
> Sergey Beryozkin
>
> Application Integration Division of Talend <http://www.talend.com>
> http://sberyozkin.blogspot.com




-- 
Sergey Beryozkin

Application Integration Division of Talend <http://www.talend.com>
http://sberyozkin.blogspot.com
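
Added example (not part of the original thread, and not CXF's or either poster's code): a callback handler of the kind David describes, which answers only the private-key password request for the keystore alias, since keystore.properties carries just the keystore password. It assumes the WSS4J 1.5.x API under org.apache.ws.security; the class name KeyPasswordCallback and the system property example.key.password are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Added example: supplies the private-key password for one keystore alias
 * and nothing else, so it never acts as a UsernameToken password source.
 */
public class KeyPasswordCallback implements CallbackHandler {

    // Alias taken from the error message in the thread.
    private static final String KEY_ALIAS = "myAlias";
    // Hypothetical system property holding the key password, so the
    // secret is not compiled into the class or stored next to the keystore.
    private static final String KEY_PASSWORD_PROPERTY = "example.key.password";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Only private-key operations are answered here.
            int usage = pc.getUsage();
            boolean keyRequest = usage == WSPasswordCallback.DECRYPT
                    || usage == WSPasswordCallback.SIGNATURE;

            // WSS4J 1.5.x spells the accessor getIdentifer();
            // later WSS4J versions use getIdentifier().
            if (!keyRequest || !KEY_ALIAS.equals(pc.getIdentifer())) {
                continue; // password stays unset for any other request
            }

            String secret = System.getProperty(KEY_PASSWORD_PROPERTY);
            if (secret == null || secret.length() == 0) {
                throw new IOException("Key password property not set: "
                        + KEY_PASSWORD_PROPERTY);
            }
            pc.setPassword(secret);
        }
    }
}
```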