geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rahul.soa" <rahul....@googlemail.com>
Subject Re: [soap:Fault] <faultstring>pwd == null but a password is needed</faultstring>
Date Mon, 27 Jul 2009 07:42:04 GMT
Many Thanks David for your efforts in helping me out. That will be very
helpful.

Will it be a good idea to forward my doubt to CXF and WSS4J developers
community?

Best Regards,
Rahul


On Mon, Jul 27, 2009 at 1:35 AM, David Jencks <david_jencks@yahoo.com>wrote:

> I chatted with Rahul on IRC a bit, and it looks to me as if his code is
> doing what cxf and wss4j expect.
> I think the next step is to figure out exactly where the fault is coming
> from.
>
> I would grep the cxf and wss4j source code for "but a password is needed".
>  If that doesn't find the source I would run geronimo in the debugger and
> put a breakpoint at the end of the handle(CallbackHandler handler) method
> and step through the code.
>
> I also wonder if the fault is from the WSS4jOutInterceptor.
>
> thanks
> david jencks
>
>  On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:
>
> Just one amendment here in my speculation about the fault cause.
>
> I wrote this in the previous thread,
>
>
> "but I dont know why I am getting this error pwd == null but a password is
> needed at pwcb.setPassword(passwd);"
>
> Now, i dont think this fault is coming from here
> pwcb.setPassword(passwd);
>
> as I have tested it by removing the following code to be sure about the
> fault
>
>   if (!pwcb.getPassword().equals(passwd)) {
>                     LOG.debug("wrong password");
>                     throw new IOException("wrong password");
>                 } else {
>                     LOG.debug("I am setting the password here   ::::" +
> passwd);
>                     pwcb.setPassword(passwd);
>                 }
>
> from ServerPasswordHandler and I still have the same fault error in the
> response.
>
> Please correct me if I am wrong somewhere. I am not sure where this fault
> come from?
>
> Thank you.
>
> Best Regards,
> Rahul
> On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa <rahul.soa@googlemail.com>wrote:
>
>> Hello David/Devs,
>>
>> Objective: trying to set web service security at serverside:
>>
>> I am getting an error while accessing the secured webservice. The soap
>> fault I am receiving is below:
>>
>> *Response:*
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>*pwd
>> == null but a password is needed*
>> </faultstring></soap:Fault></soap:Body></soap:Envelope>
>> *
>> Request:*
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
>> xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">system</wsse:Username><wsse:Password
>> xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> Type="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><add
>> xmlns="http://jws.samples.geronimo.apache.org
>> "><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
>>
>>
>> How I am trying to do is,
>>
>> 1. At, server side (in the doPublish method of CXFEndpoint), I am setting
>> the WSS4JIn/OutInterceptor property for user token (please note: this is not
>> generic code at this moment)
>>
>>  protected void doPublish(String baseAddress) {
>>         // XXX: assume port 8080 by default since we don't know the actual
>> port
>>         // at startup
>>         String address = (baseAddress == null) ? "http://localhost:8080"
>>                 : baseAddress;
>>
>>         JaxWsServerFactoryBean svrFactory = new
>> GeronimoJaxWsServerFactoryBean();
>>         svrFactory.setBus(bus);
>>         svrFactory.setAddress(address + this.portInfo.getLocation());
>>         svrFactory.setServiceFactory(serviceFactory);
>>         svrFactory.setStart(false);
>>         svrFactory.setServiceBean(implementor);
>>
>>         if (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType())) {
>>             svrFactory.setTransportId("
>> http://cxf.apache.org/bindings/xformat");
>>         }
>>
>>        // to receive the incoming username/password in soap request
>>         Map inProps = new HashMap();
>>         inProps.put(WSHandlerConstants.ACTION,
>>                 WSHandlerConstants.USERNAME_TOKEN);
>>         inProps.put(WSHandlerConstants.PASSWORD_TYPE,
>> WSConstants.PW_TEXT);
>>         inProps.put(WSHandlerConstants.USER, "system");
>>         inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
>>                 new *ServerPasswordHandler*());
>>
>>         server = svrFactory.create();
>>         // to receive the secure header
>>         WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
>>        // to send the secure soap header
>>        WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
>>         init();
>>
>>         org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();
>>
>>         endpoint.getInInterceptors().add(wssIn);
>>         endpoint.getInInterceptors().add(
>>                 new org.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
>>
>>         endpoint.getOutInterceptors().add(wssOut);
>>         endpoint.getOutInterceptors().add(
>>                 new
>> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
>>         LOG.debug("So far set the interceptor");
>> //
>>
>>         if (getBinding() instanceof SOAPBinding
>>                 && this.portInfo.isMTOMEnabled() != null) {
>>             ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
>>                     .isMTOMEnabled());
>>         }
>>
>>         server.start();
>>         LOG.debug("Invoked");
>>
>>     }
>>
>> I am setting up the login authentication and setting the password in the
>> Server Handler, like following:
>>
>>
>> public class ServerPasswordHandler implements CallbackHandler {
>>
>>     private static final Logger LOG = LoggerFactory
>>             ..getLogger(ServerPasswordHandler.class);
>>
>>     public void handle(Callback[] callbacks) throws IOException,
>>             UnsupportedCallbackException {
>>
>>         for (int i = 0; i < callbacks.length; i++) {
>>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>>             if (pwcb.getUsage() ==
>> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
>>                 LOG.debug("I am inside the ServerPasswordHandler");
>>                 String username = pwcb.getIdentifier();
>>                 String passwd = pwcb.getPassword();
>>
>>                 LoginContext context = null;
>>                 try {
>>                     // Login authentication goes here
>>                     // use the existing security realm for the moment for
>> testing
>>                     context = ContextManager.login("geronimo-admin",
>>                             new UsernamePasswordCallbackHandler(username,
>>                                     passwd));
>>                     // ContextManager.login(realm, callbackHandler,
>>                     // configuration)
>>                     context.login();
>>                     LOG.debug("login is successful");
>>                 } catch (LoginException e) {
>>                     LOG.debug("login failed");
>>                     throw new IOException("Unable to verify " + username
>>                             + " and " + passwd);
>>                 }
>>
>>                 //TODO: what to do with subject
>>                 Subject subject = context.getSubject();
>>                 ContextManager.setCallers(subject, subject);
>>
>>                     if (!pwcb.getPassword().equals(passwd)) {
>>                         LOG.debug("wrong password");
>>                         throw new IOException("wrong password");
>>                     } else {
>>                         *LOG.debug("I am setting the password here
>> ::::"
>>                                 + passwd);*
>>                        * pwcb.setPassword(passwd);*
>>                     }
>>
>>             }
>>
>>         }
>>     }
>>
>> }
>>
>>
>> In the traces, I can see the password value is "manager" which is sent by
>> client
>> I am setting the password here   ::::manager
>>
>> but I dont know why I am getting this error pwd == null but a password is
>> needed at pwcb.setPassword(passwd);
>>
>> Login authentication goes sucessful when the client provides the correct
>> username and password (which are "system and "manager" respectively). and
>> goes unsuccessful otherwise.
>>
>> The full trace from the geronimo.log is attached here: (there are some
>> debug statement to see the traces )
>>
>>
>>
>> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing service
>> with:
>> file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/CalculatorService.wsdl
>> {http://jws.samples.geronimo.apache.org}Calculator
>> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address
>> property: http://localhost:8080/GerominoWeb/calculator
>> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username and
>> password sent by Clients are  :  system   manager
>> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE
>> VALUES       system and   manager
>> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside the
>> ServerPasswordHandler
>> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT I GOT
>> HERE:  system   and   manager
>> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] Username
>> set to:   system
>> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] password
>> set to:   manager
>> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT I GOT
>> HERE:  system   and   manager
>> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] Username
>> set to:   system
>> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] password
>> set to:   manager
>> *2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is
>> successful*
>> *2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting the
>> password here   ::::manager*
>> *2009-07-27 01:26:18,313 INFO  [PhaseInterceptorChain] Interceptor has
>> thrown exception, unwinding now pwd == null but a password is needed*
>> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
>> *javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is
>> needed*
>>     at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
>>     at $Proxy67.add(Unknown Source)
>>     at CalculatorServlet.doGet(CalculatorServlet.java:42)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>>     at
>> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
>>     at
>> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:435)
>>     at
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:118)
>>     at
>> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:179)
>>     at
>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:928)
>>     at
>> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370)
>>     at
>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:862)
>>     at
>> org.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(GeronimoWebAppContext.java:107)
>>     at
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:116)
>>     at
>> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:243)
>>     at
>> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>>     at
>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:115)
>>     at org.eclipse.jetty.server.Server.handle(Server.java:337)
>>     at
>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:561)
>>     at
>> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:943)
>>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530)
>>     at
>> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
>>     at
>> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414)
>>     at
>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:437)
>>     at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
>>     at
>> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)
>>     at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>>     at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>>     at java.lang.Thread.run(Thread.java:619)
>> *Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a
>> password is needed*
>>     at
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>>     at
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>>     at
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
>>     at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
>>     at
>> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
>>     at
>> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
>>     at
>> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
>>     at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
>>     at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
>>     at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102)
>>     at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1980)
>>     at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1905)
>>     at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>>     at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
>>     at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>>     at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
>>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>     at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>>     ... 28 more
>>
>>
>> Can you please let me know or correct me, why this is happening?, I think
>> if password is set correctly in the pwcb.setPassword(passwd);  then client
>> should be able to access the secure web service. I am getting the correct
>> password "manager" (as seen in the logs) and setting the same but  I dont
>> know why I am getting this fault.
>>
>> Second thing is, I am not sure what to do with subject?
>>
>> Am I missing something in the above code? Please correct me and help me in
>> this.
>>
>> Many Thanks in advance for your response.
>>
>> Regards,
>> Rahul
>>
>
>
>

Mime
View raw message