cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: JAASLoginInterceptor getting MustUnderstand headers for oasis-200401-wss-wssecurity-secext-1.0.xsd
Date Thu, 03 Jan 2013 10:15:10 GMT
At a guess, could the @InInterceptors annotation be overriding the
jaxws:inInterceptors spring configuration? Try removing one of them and add
all the interceptors in the same place. Failing that, then turn logging up
to FINE and take a look to see what the interceptor chain looks like.

Colm.

On Fri, Dec 28, 2012 at 4:10 PM, Caspar MacRae <earcam@gmail.com> wrote:

> Oops, just spotted an error in the service annotations @InInterceptors
> contains the outward GZIP, I've moved this to @OutInterceptors but looking
> at previous logs this was correctly ignored and correcting this doesn't
> change anything else.
>
> On 28 December 2012 15:56, Caspar MacRae <earcam@gmail.com> wrote:
>
> >
> > Hello,
> >
> > I'm a bit stuck with ws-security (all is working well without it).
> > Apologies for the length.
> >
> > I have some services (on Karaf 2.3.0 (Java 1.6, Felix 4.0.3, Linux64))
> > exposed via CXF (2.7.0, as SOAP 1.1) to a C# client (WSE v3), using
> > blueprint to generate the webservice proxies.
> >
> > Unlikely to be pertinent, but I'm not using pax-web; instead I have a custom
> > Jetty (8.1.1.v20120215) with Equinox HttpService.  As this is in
> > development, I just install the full cxf feature and afterwards remove the
> > jetty and pax-web bundles.
> >
> > Also the JAAS context works fine with a webapp etc.
> >
> >
> > Having looked at http://cxf.apache.org/docs/ws-security.html "WS-Security
> > UsernameToken and Custom Authentication" and
> > http://servicemix.396122.n5.nabble.com/JAAS-configuration-ClassNotFoundException-UsernameTokenProcessor-td4794258.html and
> > http://fusesource.com/issues/browse/SF-213 and
> > http://fusesource.com/docs/mirrors/cxf/index/security.html
> >
> > (Please note: I've xxx'd out potentially sensitive details)
> >
> > I've defined the JAASLoginInterceptor as:
> >
> >     <bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
> >         <property name="contextName" value="xxxx" />
> >         <property name="roleClassifierType" value="classname" />
> >         <property name="roleClassifier" value="RolePrincipal" />
> >     </bean>
> >
> > And WSS4JInInterceptor as:
> >
> >     <bean id="wssInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >         <argument>
> >             <map>
> >                 <entry key="action" value="UsernameToken" />
> >                 <entry key="passwordType" value="PasswordText" />
> >             </map>
> >         </argument>
> >     </bean>
> >
> > In the endpoints, I then have:
> >
> >         <jaxws:properties>
> >             <entry key="ws-security.validate.token" value="false" />
> >         </jaxws:properties>
> >         <jaxws:inInterceptors>
> >             <ref component-id="wssInterceptor" />
> >             <ref component-id="authenticationInterceptor" />
> >         </jaxws:inInterceptors>
> >
> >
> > My services have the following gamut of annotations:
> >
> > @SOAPBinding(style = RPC, parameterStyle = BARE)
> > @WebService
> > @InInterceptors(interceptors = {
> >     "org.apache.cxf.transport.common.gzip.GZIPInInterceptor",
> >     "org.apache.cxf.transport.common.gzip.GZIPOutInterceptor"
> > })
> > @Features(features = {
> >     "org.apache.cxf.feature.LoggingFeature",
> >     "org.apache.cxf.transport.common.gzip.GZIPFeature"
> > })
> > @Logging(pretty = true)
> > @GZIP
> > @RolesAllowed("rrrr")
> >
> >
> >
> > The C# client is an autogenerated file, edited to extend partial class
> > Microsoft.Web.Services3.WebServicesClientProtocol, and setup for test like
> > so:
> >
> > Service service = new Service();
> > UsernameToken token = new UsernameToken("uuuu", "pppp",
> > PasswordOption.SendPlainText);
> > service.RequestSoapContext.Security.Tokens.Add(token);
> >
> >
> > The client is sending something like:
> >
> > <?xml version="1.0" encoding="utf-8"?>
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> >     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> >     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >     <soap:Header>
> >         <wsa:Action></wsa:Action>
> >         <wsa:MessageID>urn:uuid:a42f9599-b3ff-41d0-9f74-5de3bffafdf8</wsa:MessageID>
> >         <wsa:ReplyTo>
> >             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> >         </wsa:ReplyTo>
> >         <wsa:To>https://xxxxx:8443/cxf/yyyyy</wsa:To>
> >         <wsse:Security soap:mustUnderstand="1">
> >             <wsu:Timestamp wsu:Id="Timestamp-5907ede1-f500-4c3e-8440-c3f5eaf879e2">
> >                 <wsu:Created>2012-12-28T14:53:59Z</wsu:Created>
> >                 <wsu:Expires>2012-12-28T14:58:59Z</wsu:Expires>
> >             </wsu:Timestamp>
> >             <wsse:UsernameToken
> >                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >                 wsu:Id="SecurityToken-6f4adeee-90a2-46a2-8341-0919426c9942">
> >                 <wsse:Username>uuuu</wsse:Username>
> >                 <wsse:Password
> >                     Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">rrrr</wsse:Password>
> >                 <wsse:Nonce>Niu7lf3CTf+evQk+NOP5EQ==</wsse:Nonce>
> >                 <wsu:Created>2012-12-28T14:53:59Z</wsu:Created>
> >             </wsse:UsernameToken>
> >         </wsse:Security>
> >     </soap:Header>
> >     <soap:Body>
> >         <blah xmlns="http://xxxxxxxx/">
> >             <nullParameter xmlns="" />
> >         </blah>
> >     </soap:Body>
> > </soap:Envelope>
> >
> >
> > I've also tried ws-security.ut.no-callbacks, either way it deploys without
> > exception and cxf:list-endpoints shows them but I get 404s for every
> > request (including WSDL definitions).  Breakpoints in the handleMessage of
> > either interceptor are never reached.
> >
> > Without the jaxws:properties and wssInterceptor, when invoking from the C#
> > client I'm seeing the stacktrace listed at the end of this mail (obviously
> > this time breakpoint in JAASLoginInterceptor is reached).
> >
> >
> > Can anyone give me a hint as to what I'm missing or doing wrong?
> >
> >
> > thanks,
> > Caspar
> >
> >
> >
> > 2012-12-28 15:49:06,033 | WARN  | tp1706393036-180 | PhaseInterceptorChain            | ache.cxf.common.logging.LogUtils  405 | 162 - org.apache.cxf.cxf-api - 2.7.0 | Interceptor for {http://unknown.namespace/}Proxy6ad0492b_7c43_4d83_a3a0_322265321ceeService has thrown exception, unwinding now
> > java.lang.SecurityException
> >     at org.apache.cxf.interceptor.security.JAASLoginInterceptor.handleMessage(JAASLoginInterceptor.java:129)[163:org.apache.cxf.cxf-rt-core:2.7.0]
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)[162:org.apache.cxf.cxf-api:2.7.0]
> >     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[162:org.apache.cxf.cxf-api:2.7.0]
> >     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:163)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:164)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)[81:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
> >     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215)[190:org.apache.cxf.cxf-rt-transports-http:2.7.0]
> >     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)[116:org.eclipse.equinox.http.servlet:1.0.0.v20070606]
> >     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:109)[116:org.eclipse.equinox.http.servlet:1.0.0.v20070606]
> >     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)[116:org.eclipse.equinox.http.servlet:1.0.0.v20070606]
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)[81:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
> >     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:594)[103:org.eclipse.jetty.servlet:8.1.1.v20120215]
> >     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:485)[103:org.eclipse.jetty.servlet:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1065)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:412)[103:org.eclipse.jetty.servlet:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:999)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:47)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.Server.handle(Server.java:351)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:454)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:890)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:944)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:634)[97:org.eclipse.jetty.http:8.1.1.v20120215]
> >     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:230)[97:org.eclipse.jetty.http:8.1.1.v20120215]
> >     at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)[101:org.eclipse.jetty.server:8.1.1.v20120215]
> >     at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:191)[96:org.eclipse.jetty.io:8.1.1.v20120215]
> >     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)[96:org.eclipse.jetty.io:8.1.1.v20120215]
> >     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)[96:org.eclipse.jetty.io:8.1.1.v20120215]
> >     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)[95:org.eclipse.jetty.util:8.1.1.v20120215]
> >     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)[95:org.eclipse.jetty.util:8.1.1.v20120215]
> >     at java.lang.Thread.run(Thread.java:662)[:1.6.0_35]
> >
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
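
The SOAP mustUnderstand rule named in this thread's subject line, modelled as an added example that is not code from either poster or from CXF: every header block flagged `soap:mustUnderstand="1"` has to be claimed by some handler in the inbound chain, otherwise the receiver must fault. The envelope is a constructed sample modelled on the quoted request, and the two chain dictionaries are hypothetical stand-ins that assume only the WS-Security interceptor claims `wsse:Security`.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed sample modelled on the request quoted in the thread (placeholder values).
ENVELOPE = f"""<soap:Envelope xmlns:soap="{SOAP11}" xmlns:wsa="{WSA}" xmlns:wsse="{WSSE}">
  <soap:Header>
    <wsa:MessageID>urn:uuid:00000000-0000-0000-0000-000000000000</wsa:MessageID>
    <wsse:Security soap:mustUnderstand="1">
      <wsse:UsernameToken><wsse:Username>uuuu</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def mandatory_headers(envelope_xml):
    """Return the QNames ('{ns}local') of SOAP 1.1 header blocks flagged mustUnderstand="1"."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11}}}Header")
    if header is None:
        return []
    flag = f"{{{SOAP11}}}mustUnderstand"
    return [block.tag for block in header if block.get(flag, "0").strip() == "1"]


def not_understood(envelope_xml, chain):
    """chain maps a handler name to the set of header QNames it declares it understands."""
    understood = set().union(*chain.values())
    return [q for q in mandatory_headers(envelope_xml) if q not in understood]


SECURITY = f"{{{WSSE}}}Security"
# Hypothetical chains (assumption): the JAAS login step claims no SOAP headers,
# the WS-Security step claims wsse:Security.
JAAS_ONLY = {"JAASLoginInterceptor": set()}
WSS_AND_JAAS = {"WSS4JInInterceptor": {SECURITY}, "JAASLoginInterceptor": set()}

if __name__ == "__main__":
    print("JAAS only    ->", not_understood(ENVELOPE, JAAS_ONLY))
    print("WSS4J + JAAS ->", not_understood(ENVELOPE, WSS_AND_JAAS))
```
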
