cxf-users mailing list archives

From Mike Thomsen <mikerthom...@gmail.com>
Subject Re: Configuring CXF to work with WS-Security
Date Fri, 11 Jan 2013 12:35:00 GMT
I turned on debugging at the log4j root logger and saw this:

07:06:22,754 DEBUG UsernameTokenProcessor:49 - Found UsernameToken list element
07:06:22,754 DEBUG UsernameTokenValidator:78 - UsernameToken user Mike
07:06:22,754 DEBUG UsernameTokenValidator:79 - UsernameToken password type null
07:06:22,754 DEBUG TimestampProcessor:46 - Found Timestamp list element
07:06:22,754 DEBUG Timestamp:151 - Current time: 2013-01-11T12:06:22.754Z
07:06:22,754 DEBUG Timestamp:156 - Timestamp created: 2013-01-11T12:06:22.738Z
07:06:22,754 DEBUG Timestamp:162 - Timestamp expires: 2013-01-11T12:11:22.738Z
07:06:22,785 DEBUG Timestamp:342 - Validation of Timestamp: Everything is ok
Jan 11, 2013 7:06:22 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Jan 11, 2013 7:06:22 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header

I then tried these changes:

1. Changed the client to send a dummy password in plain text.
2. Put the dummy password into the CXF service's interceptor configuration.
3. Added a CallbackHandler to the service's WSS4JInInterceptor that set the
dummy password on the WSPasswordCallback.

That passed through the security checks just fine. Do you have any
suggestions on how to make UsernameToken validation pass without any
password tag?

Thanks,

Mike


On Fri, Jan 11, 2013 at 5:34 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:

> Hi Mike,
>
> Turn logging to "DEBUG" and see what the reason for the
> "WSSecurityException" was.
>
> Colm.
>
> On Thu, Jan 10, 2013 at 9:14 PM, Mike Thomsen <mikerthomsen@gmail.com> wrote:
>
> > I'm still fairly new to CXF and Java web services, so please bear with me.
> > The service I am calling expects a WS-Security header like this:
> >
> > <SOAP-ENV:Header>
> >     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >             soapenv:mustUnderstand="1">
> >         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >                 wsu:Id="Timestamp-29345020">
> >             <wsu:Created>2008-11-24T19:17:43.880Z</wsu:Created>
> >             <wsu:Expires>2008-11-24T19:22:43.880Z</wsu:Expires>
> >         </wsu:Timestamp>
> >         <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >                 wsu:Id="UsernameToken-18724539">
> >             <wsse:Username>Mike</wsse:Username>
> >         </wsse:UsernameToken>
> >     </wsse:Security>
> > </SOAP-ENV:Header>
> >
> > (No password)
> >
> > This is how I have it configured in my beans.xml file:
> >
> >     <jaxws:endpoint id="managementService"
> >             implementor="com.mycompany.ManagementService" address="/ManagementService">
> >         <jaxws:inInterceptors>
> >             <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >                 <constructor-arg>
> >                     <map>
> >                         <entry key="action" value="UsernameToken Timestamp"/>
> >                         <entry key="passwordType" value="PasswordNone"/>
> >                     </map>
> >                 </constructor-arg>
> >             </bean>
> >         </jaxws:inInterceptors>
> >     </jaxws:endpoint>
> >
> > When I run the client I get this exception:
> >
> > org.apache.ws.security.WSSecurityException: An error was discovered
> > processing the <wsse:Security> header
> >
> > I know the client (Spring-WS, not CXF) is sending WS-Security headers based
> > on the debugging output from it.
> >
> > Any help would be appreciated.
> >
> > Thanks,
> >
> > Mike
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
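
The service-side CallbackHandler described in step 3 of the message above, as an added example that is not part of the original post and not CXF's own code. It assumes WSS4J 1.6 (the `org.apache.ws.security` package seen in the log) and registration on the WSS4JInInterceptor under the `passwordCallbackRef` key; the class name `ServicePasswordCallback` and the injected user map are hypothetical.

```java
// Added example (not from the original post). Assumes WSS4J 1.6 on the classpath.
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/** Hypothetical class name; supplies the expected password for a known user. */
public class ServicePasswordCallback implements CallbackHandler {

    // Username -> expected password, injected from configuration (hypothetical).
    private final Map<String, String> expectedPasswords;

    public ServicePasswordCallback(Map<String, String> expectedPasswords) {
        this.expectedPasswords = new HashMap<String, String>(expectedPasswords);
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // getIdentifier() is the wsse:Username taken from the incoming token.
            String expected = expectedPasswords.get(pc.getIdentifier());
            if (expected != null) {
                // WSS4J compares this value with the password the client sent.
                pc.setPassword(expected);
            }
            // Unknown user: no password is set, so the comparison fails
            // and the request is rejected instead of being waved through.
        }
    }
}
```

Because the dummy password is a fixed value shared with every client, this check only establishes that the username is one the service recognises; authenticating the caller has to come from another layer such as the transport.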
