cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From venkatesham nalla <v_na...@hotmail.com>
Subject RE: WSS4JStax interceptor issues in Apache CXF 3.0.0
Date Wed, 10 Sep 2014 20:34:47 GMT
Hi Colm,
With the following Callback Handler it is working OK, but still the callback handler is called
twice for every request. I am not sure why it needs to be called twice? and what is the purpose
of this extra password?
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{		System.out.println("=======================");		System.out.println("Handle - Callback length
= " + callbacks.length);		System.out.println("=======================");		System.out.flush();
       for (int i = 0; i < callbacks.length; i++) {            WSPasswordCallback pc =
(WSPasswordCallback)callbacks[i];
            		String id = pc.getIdentifier();		String pass = passwords.get(id);		if (pass
== null) {			pass = "doNotKnowWhyThisIsRequired";		}
         		             if (pass == null) {                throw new SecurityException ("The
UsernameToken '"+pc.getIdentifier()+"' can not be authenticated.");            }         
  else if (pass != null) {                pc.setPassword(pass);                return;   
        }        }
        //        // Password not found        //        throw new IOException();    }

Thanks,Venkat

From: v_nalla@hotmail.com
To: coheigea@apache.org
Subject: RE: WSS4JStax interceptor issues in Apache CXF 3.0.0
Date: Wed, 10 Sep 2014 17:04:18 +0000




With the Callback Handler code given below it is resulting in same error for every request.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{        for (int i = 0; i < callbacks.length; i++) {            WSPasswordCallback pc
= (WSPasswordCallback)callbacks[i];
            String pass = passwords.get(pc.getIdentifier());                       if (pass
== null) {                throw new SecurityException ("The UsernameToken '"+pc.getIdentifier()+"'
can not be authenticated.");            }            else if (pass != null) {            
   pc.setPassword(pass);                return;            }        }
        //        // Password not found        //        throw new IOException();    }
Thanks,Venkat
Date: Wed, 10 Sep 2014 14:42:52 +0100
Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0
From: coheigea@apache.org
To: v_nalla@hotmail.com


You can test by checking out the latest WSS4J + CXF sources + building them locally (or waiting
until the SNAPSHOTS have deployed to Maven). It's a minor issue though...why do you need the
fix? It just accepts the CallbackHandler for a password + proceeds as normal after that.

Colm.

On Wed, Sep 10, 2014 at 2:41 PM, venkatesham nalla <v_nalla@hotmail.com> wrote:
Hi Colm,
Thanks for the update. How can I get the updated code?

ThxVenkat Nalla
On Sep 10, 2014, at 5:43 AM, "Colm O hEigeartaigh" <coheigea@apache.org> wrote:


I took another look at this issue. The reason the CallbackHandler is being called twice, once
without an identifier, is that the JasyptPasswordEncryptor asks the CallbackHandler for a
password on startup. The JasyptPasswordEncryptor is a new feature in WSS4J 2.0.0, which allows
you to have encrypted passwords in Crypto properties files. I have merged a fix to WSS4J to
only query the CallbackHandler for a password when it is actually needed. 

Colm.

On Fri, Aug 22, 2014 at 8:50 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:

The logging issue is an interceptor ordering issue that Dan has just fixed on trunk. With
regards to the password callback issue, could you create a test-case that I could take a look
at? I don't see anything obviously wrong in the code you pasted.


Colm.


On Thu, Aug 21, 2014 at 7:16 PM, venkatesham nalla <v_nalla@hotmail.com> wrote:

Hi Colm,

I have tested with CXF 3.0.1 as well and results are same.The SOAP Request and Password Callback
code are included below.

Yes I have enabled the logging, which does not log outbound message on the client side when
WSS4JStaxOutInterceptor is used. However the inbound message is getting logged.

SOAP Request:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">  <soap:Header>
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1">                  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="G0174fea5-ef7f-435e-8d5f-36a3143ffaa4">                              <wsse:Username>theUserName</wsse:Username>
                             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">thePassword</wsse:Password>
                      </wsse:UsernameToken>           </wsse:Security>       
</soap:Header>  <soap:Body>             <TwowayStructStringRequest xmlns="http://test.com/struct/xsd">
                 <PerfStructStringArrayVal>                              <Item>
                                 <StringVal>String</StringVal>               
                   <DoubleVal>18446744073709551616</DoubleVal>               
                     <FloatVal>4294967296</FloatVal>                         
       <CharVal>a</CharVal>                                    <LongVal>4294967296</LongVal>
                                  <ShortVal>65536</ShortVal>                 
            </Item>                 </PerfStructStringArrayVal>             </TwowayStructStringRequest>
   </soap:Body></soap:Envelope>


Password Callback Code (this code works with WS-SecurityPolicy as well as WSS4J old interceptors.

public class ServerPasswordCallback implements CallbackHandler {

    private Map<String, String> passwords =        new HashMap<String, String>();

    public ServerPasswordCallback() {        passwords.put("theUserName", "thePassword");
       passwords.put("abcd", "dcba");    }

    /**     * Here, we attempt to get the password from the private     * alias/passwords
map.     */    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{        for (int i = 0; i < callbacks.length; i++) {            WSPasswordCallback pc
= (WSPasswordCallback)callbacks[i];


            String pass = passwords.get(pc.getIdentifier());                      if (pass
== null) {                throw new SecurityException ("The UsernameToken '"+pc.getIdentifier()+"'
can not be authenticated.");            }            else if (pass != null) {            
   pc.setPassword(pass);                return;            }        }


        //        // Password not found        //        throw new IOException();    }

    /**     * Add an alias/password pair to the callback mechanism.     */    public void
setAliasPassword(String alias, String password) {        passwords.put(alias, password); 
  }}

Client configuration with WSS4JStaxOutInterceptor:

<jaxws:client name="..." createdFromAPI="true">         <jaxws:outInterceptors>
                                        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor">
                        <constructor-arg>                                       <map>
                                          <entry key="action" value="UsernameToken"/>
                                            <entry key="user" value="theUserName"/>
                                        <entry key="passwordType" value="PasswordText"/>
                                               <entry key="passwordCallbackRef" value-ref="clientCallback"/>
                                  </map>                          </constructor-arg>
                     </bean>         </jaxws:outInterceptors>        </jaxws:client>
<bean id="clientCallback" class="com.att.cio.rpcperf.client.ClientPasswordCallback"/>
  <cxf:bus>               <cxf:features>                  <cxf:logging/>
                                 </cxf:features> </cxf:bus>


Thanks,Venkat



> Date: Thu, 21 Aug 2014 16:33:03 +0100

> Subject: Re: WSS4JStax interceptor issues in Apache CXF 3.0.0

> From: coheigea@apache.org

> To: users@cxf.apache.org

>

> Hi,

>

> > 1)      The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not

> working. It is throwing the exception.

>

> It was a bug in WSS4J 2.0.0 (SOAP schemas were not included), fixed in

> WSS4J 2.0.1.

>

> > 2)      I replaced the WSS4J 2.0.0 jar’s with WSS4J 2.0.1 jar and the

> client side works fine. However with 2.0.0 and 2.0.1 the server > side code

> was not getting the User Name in password callback handler when

> WSS4JStaxInInterceptor used, basically

> > “getIdentifier” method returns an empty string. Everything works fine

> with old WSS4J interceptors as well as WS-SecurityPolicy.

>

> This seems odd. Could you paste in what the UsernameToken from the message

> looks like, what the CallbackHandler implementation looks like?

>

> > 3)      WSS4JStaxOutInterceptor does not log the outbound message when

> the logging enabled.

>

> Do you mean that if you enable the CXF logging interceptors, it doesn't log

> the message? WSS4JStaxOutInterceptor itself doesn't log the message.

>

> Colm.

>

> On Wed, Aug 20, 2014 at 7:22 PM, NALLA, VENKAT <vn2158@att.com> wrote:

>

> >  Hi Colm,

> >

> >

> >

> > I am using Apache CXF version 3.0.0 and testing JAX-WS services with

> > WS-Security UsernameToken profile with plain password, and running in to

> > following issues. Appreciate if you could help in resolving these issues.

> >

> >

> >

> > 1)      The client with WSS4JStaxOutInterceptor (WSS4J-2.0.0) is not

> > working. It is throwing the exception.

> >

> > a.       Exception using Oracle JDK 7 on Windows 7 desktop in the

> > attached file “OracleJDK7WSS4J-2.0.0-ClientException on Win7.txt”

> >

> > b.      Exception using IBM JDK 7 on AIX in the attached file

> > “IBMJDK7-WSS4j-2.0.0ClientException on AIX.txt”

> >

> >

> >

> > 2)      I replaced the WSS4J 2.0.0 jar’s with WSS4J 2.0.1 jar and the

> > client side works fine. However with 2.0.0 and 2.0.1 the server side code

> > was not getting the User Name in password callback handler when

> > WSS4JStaxInInterceptor used, basically “getIdentifier” method returns an

> > empty string. Everything works fine with old WSS4J interceptors as well as

> > WS-SecurityPolicy.

> >

> > 3)      WSS4JStaxOutInterceptor does not log the outbound message when

> > the logging enabled.

> >

> >

> >

> > The server configuration:

> >

> >                 <jaxws:endpoint name="…" createdFromAPI="true">

> >

> >                                 <jaxws:inInterceptors>

> >

> >

> >

> >                                                 <bean class="

> > org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">

> >

> >                                                                 <

> > constructor-arg>

> >

> >

> > <map>

> >

> >

> > <entry key="action" value="UsernameToken"/>

> >

> >

> > <entry key="passwordType" value="PasswordText"/>

> >

> >

> > <entry key="passwordCallbackClass" value="...ServerPasswordCallback"/>

> >

> >

> > </map>

> >

> >                                                                 </

> > constructor-arg>

> >

> >                                                 </bean>

> >

> >                                 </jaxws:inInterceptors>

> >

> >                 </jaxws:endpoint>

> >

> >

> >

> > Thanks,

> >

> > Venkat

> >

> > --

> > Colm O hEigeartaigh

> >

> > Talend Community Coder

> > http://coders.talend.com

> >

> >

                                          

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

 		 	   		   		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message