Many Thanks Dan for pointing to the root cause. So does that mean server will not send the secure SOAP header in the response? I thought initially that client will also receive the secured response from server. May be I was wrong.
I will try it by removing the WSS4JOutInterceptor from the server side to see if it works. Thanks again for your help. Best Regards, Rahul On Mon, Jul 27, 2009 at 5:23 PM, Daniel Kulp <dk...@apache.org> wrote: > On Mon July 27 2009 3:42:04 am rahul.soa wrote: > > Many Thanks David for your efforts in helping me out. That will be very > > helpful. > > Well, I did the grep for you. It's coming from WSS4J, not CXF, in: > src/org/apache/ws/security/message/token/UsernameToken.java > > Most likely, you DON'T want to setup the WSS4JOutInterceptor on the server > side to have a UserNameToken. That's not normally a usual occurrence. > (why > would the server be sending BACK a Username?) > > Dan > > > > > Will it be a good idea to forward my doubt to CXF and WSS4J developers > > community? > > > > > Best Regards, > > Rahul > > > > On Mon, Jul 27, 2009 at 1:35 AM, David Jencks <david_jen...@yahoo.com > >wrote: > > > I chatted with Rahul on IRC a bit, and it looks to me as if his code is > > > doing what cxf and wss4j expect. > > > I think the next step is to figure out exactly where the fault is > coming > > > from. > > > > > > I would grep the cxf and wss4j source code for "but a password is > > > needed". If that doesn't find the source I would run geronimo in the > > > debugger and put a breakpoint at the end of the handle(CallbackHandler > > > handler) method and step through the code. > > > > > > I also wonder if the fault is from the WSS4jOutInterceptor. > > > > > > thanks > > > david jencks > > > > > > On Jul 26, 2009, at 4:20 PM, rahul.soa wrote: > > > > > > Just one amendment here in my speculation about the fault cause. > > > > > > I wrote this in the previous thread, > > > > > > > > > "but I dont know why I am getting this error pwd == null but a password > > > is needed at pwcb.setPassword(passwd);" > > > > > > Now, i dont think this fault is coming from here > > > pwcb.setPassword(passwd); > > > > > > as I have tested it by removing the following code to be sure about the > > > fault > > > > > > if (!pwcb.getPassword().equals(passwd)) { > > > LOG.debug("wrong password"); > > > throw new IOException("wrong password"); > > > } else { > > > LOG.debug("I am setting the password here ::::" + > > > passwd); > > > pwcb.setPassword(passwd); > > > } > > > > > > from ServerPasswordHandler and I still have the same fault error in the > > > response. > > > > > > Please correct me if I am wrong somewhere. I am not sure where this > fault > > > come from? > > > > > > Thank you. > > > > > > Best Regards, > > > Rahul > > > > > > On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa > <rahul....@googlemail.com>wrote: > > >> Hello David/Devs, > > >> > > >> Objective: trying to set web service security at serverside: > > >> > > >> I am getting an error while accessing the secured webservice. The soap > > >> fault I am receiving is below: > > >> > > >> *Response:* > > >> > > >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ > > >> > "><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring> > > >>*pwd == null but a password is needed* > > >> </faultstring></soap:Fault></soap:Body></soap:Envelope> > > >> * > > >> Request:* > > >> > > >> <soap:Envelope > > >> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ > "><soap:Header><wss > > >>e:Security xmlns:wsse=" > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > > >>t-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse=" > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > > >>t-1.0.xsd" xmlns:wsu=" > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili > > >>ty-1.0.xsd" wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse=" > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > > >>t-1.0.xsd">system</wsse:Username><wsse:Password xmlns:wsse=" > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex > > >>t-1.0.xsd" Type=" > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p > > > >>rofile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></ws > > >>se:Security></soap:Header><soap:Body><add > > >> xmlns="http://jws.samples.geronimo.apache.org > > >> > "><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope> > > >> > > >> > > >> How I am trying to do is, > > >> > > >> 1. At, server side (in the doPublish method of CXFEndpoint), I am > > >> setting the WSS4JIn/OutInterceptor property for user token (please > note: > > >> this is not generic code at this moment) > > >> > > >> protected void doPublish(String baseAddress) { > > >> // XXX: assume port 8080 by default since we don't know the > > >> actual port > > >> // at startup > > >> String address = (baseAddress == null) ? " > http://localhost:8080" > > >> > > >> : baseAddress; > > >> > > >> JaxWsServerFactoryBean svrFactory = new > > >> GeronimoJaxWsServerFactoryBean(); > > >> svrFactory.setBus(bus); > > >> svrFactory.setAddress(address + this.portInfo.getLocation()); > > >> svrFactory.setServiceFactory(serviceFactory); > > >> svrFactory.setStart(false); > > >> svrFactory.setServiceBean(implementor); > > >> > > >> if > (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType())) > > >> { svrFactory.setTransportId(" > > >> http://cxf.apache.org/bindings/xformat"); > > >> } > > >> > > >> // to receive the incoming username/password in soap request > > >> Map inProps = new HashMap(); > > >> inProps.put(WSHandlerConstants.ACTION, > > >> WSHandlerConstants.USERNAME_TOKEN); > > >> inProps.put(WSHandlerConstants.PASSWORD_TYPE, > > >> WSConstants.PW_TEXT); > > >> inProps.put(WSHandlerConstants.USER, "system"); > > >> inProps.put(WSHandlerConstants.PW_CALLBACK_REF, > > >> new *ServerPasswordHandler*()); > > >> > > >> server = svrFactory.create(); > > >> // to receive the secure header > > >> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps); > > >> // to send the secure soap header > > >> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps); > > >> init(); > > >> > > >> org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint(); > > >> > > >> endpoint.getInInterceptors().add(wssIn); > > >> endpoint.getInInterceptors().add( > > >> new > > >> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor()); > > >> > > >> endpoint.getOutInterceptors().add(wssOut); > > >> endpoint.getOutInterceptors().add( > > >> new > > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor()); > > >> LOG.debug("So far set the interceptor"); > > >> // > > >> > > >> if (getBinding() instanceof SOAPBinding > > >> && this.portInfo.isMTOMEnabled() != null) { > > >> ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo > > >> .isMTOMEnabled()); > > >> } > > >> > > >> server.start(); > > >> LOG.debug("Invoked"); > > >> > > >> } > > >> > > >> I am setting up the login authentication and setting the password in > the > > >> Server Handler, like following: > > >> > > >> > > >> public class ServerPasswordHandler implements CallbackHandler { > > >> > > >> private static final Logger LOG = LoggerFactory > > >> ..getLogger(ServerPasswordHandler.class); > > >> > > >> public void handle(Callback[] callbacks) throws IOException, > > >> UnsupportedCallbackException { > > >> > > >> for (int i = 0; i < callbacks.length; i++) { > > >> WSPasswordCallback pwcb = (WSPasswordCallback) > callbacks[i]; > > >> if (pwcb.getUsage() == > > >> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { > > >> LOG.debug("I am inside the ServerPasswordHandler"); > > >> String username = pwcb.getIdentifier(); > > >> String passwd = pwcb.getPassword(); > > >> > > >> LoginContext context = null; > > >> try { > > >> // Login authentication goes here > > >> // use the existing security realm for the moment > > >> for testing > > >> context = ContextManager.login("geronimo-admin", > > >> new > > >> UsernamePasswordCallbackHandler(username, passwd)); > > >> // ContextManager.login(realm, callbackHandler, > > >> // configuration) > > >> context.login(); > > >> LOG.debug("login is successful"); > > >> } catch (LoginException e) { > > >> LOG.debug("login failed"); > > >> throw new IOException("Unable to verify " + > username > > >> + " and " + passwd); > > >> } > > >> > > >> //TODO: what to do with subject > > >> Subject subject = context.getSubject(); > > >> ContextManager.setCallers(subject, subject); > > >> > > >> if (!pwcb.getPassword().equals(passwd)) { > > >> LOG.debug("wrong password"); > > >> throw new IOException("wrong password"); > > >> } else { > > >> *LOG.debug("I am setting the password here > > >> > > >> ::::" > > >> > > >> + passwd);* > > >> * pwcb.setPassword(passwd);* > > >> } > > >> > > >> } > > >> > > >> } > > >> } > > >> > > >> } > > >> > > >> > > >> In the traces, I can see the password value is "manager" which is sent > > >> by client > > >> I am setting the password here ::::manager > > >> > > >> but I dont know why I am getting this error pwd == null but a password > > >> is needed at pwcb.setPassword(passwd); > > >> > > >> Login authentication goes sucessful when the client provides the > correct > > >> username and password (which are "system and "manager" respectively). > > >> and goes unsuccessful otherwise. > > >> > > >> The full trace from the geronimo.log is attached here: (there are some > > >> debug statement to see the traces ) > > >> > > >> > > >> > > >> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing > > >> service with: > > >> > file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/Calculato > > >>rService.wsdl {http://jws.samples.geronimo.apache.org}Calculator > > >> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address > > >> property: http://localhost:8080/GerominoWeb/calculator > > >> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username and > > >> password sent by Clients are : system manager > > >> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE > > >> VALUES system and manager > > >> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside the > > >> ServerPasswordHandler > > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT I > > >> GOT HERE: system and manager > > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] > Username > > >> set to: system > > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] > password > > >> set to: manager > > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT I > > >> GOT HERE: system and manager > > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] > Username > > >> set to: system > > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] > password > > >> set to: manager > > >> *2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is > > >> successful* > > >> *2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting > the > > >> password here ::::manager* > > >> *2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptor has > > >> thrown exception, unwinding now pwd == null but a password is needed* > > >> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator > > >> *javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is > > >> needed* > > >> at > > >> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145) > > >> at $Proxy67.add(Unknown Source) > > >> at CalculatorServlet.doGet(CalculatorServlet.java:42) > > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:693) > > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) > > >> at > > >> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521) > > >> at > > >> > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:43 > > >>5) at > > >> > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java > > >>:118) at > > >> > org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.ja > > >>va:179) at > > >> > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler. > > >>java:928) at > > >> > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370 > > >>) at > > >> > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.j > > >>ava:862) at > > >> > org.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(Geronim > > >>oWebAppContext.java:107) at > > >> > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java > > >>:116) at > > >> > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(Context > > >>HandlerCollection.java:243) at > > >> > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollect > > >>ion.java:126) at > > >> > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.ja > > >>va:115) at org.eclipse.jetty.server.Server.handle(Server.java:337) > > >> at > > >> > org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.jav > > >>a:561) at > > >> > org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(Ht > > >>tpConnection.java:943) at > > >> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530) at > > >> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203) > > >> at > > >> > org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414) > > >> at > > >> > org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint > > >>.java:437) at > > >> org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214) at > > >> > org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(Threa > > >>dPool.java:344) at > > >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > > >>r.java:886) at > > >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > > >>va:908) at java.lang.Thread.run(Thread.java:619) > > >> *Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a > > >> password is needed* > > >> at > > >> > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarsh > > >>alFault(Soap11FaultInInterceptor.java:75) at > > >> > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM > > >>essage(Soap11FaultInInterceptor.java:46) at > > >> > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM > > >>essage(Soap11FaultInInterceptor.java:35) at > > >> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > > >>hain.java:226) at > > >> > org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage > > >>(AbstractFaultChainInitiatorObserver.java:96) at > > >> > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess > > >>age(CheckFaultInterceptor.java:69) at > > >> > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess > > >>age(CheckFaultInterceptor.java:34) at > > >> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > > >>hain.java:226) at > > >> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at > > >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp > > >>onseInternal(HTTPConduit.java:2102) at > > >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp > > >>onse(HTTPConduit.java:1980) at > > >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP > > >>Conduit.java:1905) at > > >> > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) > > >> at > > >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600) > > >> at > > >> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI > > >>nterceptor.handleMessage(MessageSenderInterceptor.java:62) at > > >> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > > >>hain.java:226) at > > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at > > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at > > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at > > >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at > > >> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) > > >> ... 28 more > > >> > > >> > > >> Can you please let me know or correct me, why this is happening?, I > > >> think if password is set correctly in the pwcb.setPassword(passwd); > > >> then client should be able to access the secure web service. I am > > >> getting the correct password "manager" (as seen in the logs) and > setting > > >> the same but I dont know why I am getting this fault. > > >> > > >> Second thing is, I am not sure what to do with subject? > > >> > > >> Am I missing something in the above code? Please correct me and help > me > > >> in this. > > >> > > >> Many Thanks in advance for your response. > > >> > > >> Regards, > > >> Rahul > > -- > Daniel Kulp > dk...@apache.org > http://www.dankulp.com/blog >