In your service side CallbackHandler, replace:
<<<<<
if (pc.getIdentifier().equals(this.username)) {
if (!pc.getPassword().equals(this.password)) {
throw new IOException("Invalid password");
}
}
else{
throw new IOException("Invalid Identifier");
}
>>>>>
with
<<<<<
if (pc.getIdentifier().equals(this.username)) {
pc.setPassword(this.password);
}
else{
throw new IOException("Invalid Identifier");
}
>>>>>
Colm.
On Mon, Jun 27, 2011 at 4:54 PM, Vivek Alampally <vivek2...@gmail.com> wrote:
> Sorry, I might be irritating you but this is what I have done.
> Server Side (Web service side)
> --------------------------------------------
>
> <jaxws:inInterceptors>
> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken" />
> <entry key="passwordType" value="PasswordText" />
> <entry key="passwordCallbackRef">
> <ref bean="ServerPasswordCallback" />
> </entry>
> </map>
> </constructor-arg>
> </bean>
> </jaxws:inInterceptors>
> <bean id="ServerPasswordCallback"
> class="com.fdt.sdl.security.authentication.util.ServerPasswordCallback">
> <property name="username" value="${webservice.username}" />
> <property name="password" value="${webservice.password}" />
> </bean>
> public class ServerPasswordCallback implements CallbackHandler {
> private String username;
> private String password;
> public String getUsername() {
> return username;
> }
> public void setUsername(String username) {
> this.username = username;
> }
> public String getPassword() {
> return password;
> }
> public void setPassword(String password) {
> this.password = password;
> }
> @Override
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
> if (pc.getIdentifier().equals(this.username)) {
> if (!pc.getPassword().equals(this.password)) {
> throw new IOException("Invalid password");
> }
> }
> else{
> throw new IOException("Invalid Identifier");
> }
> }
> }
> Client Side
> -------------------
> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
> />
> <bean id="saajOut"
> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> <bean id="wss4jOut"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken" />
> <entry key="user" value="${webservice.username}" />
> <entry key="passwordType" value="PasswordText" />
> <entry key="passwordCallbackRef">
> <ref bean="clientPasswordCallback" />
> </entry>
> </map>
> </constructor-arg>
> </bean>
> In clientFactoryBean,
> <property name="inInterceptors">
> <list>
> <ref bean="logIn" />
> </list>
> </property>
> <property name="outInterceptors">
> <list>
> <ref bean="logOut" />
> <ref bean="saajOut" />
> <ref bean="wss4jOut" />
> </list>
> </property>
> <bean id="clientPasswordCallback"
> class="com.fdt.sdl.security.authentication.util.ClientPasswordCallback">
> <property name="password" value="${webservice.password}" />
> </bean>
> public class ClientPasswordCallback implements CallbackHandler {
> private String password;
> public String getPassword() {
> return password;
> }
> public void setPassword(String password) {
> this.password = password;
> }
> @Override
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
> pc.setPassword(this.password);
> }
> }
>
> On Mon, Jun 27, 2011 at 11:38 AM, Colm O hEigeartaigh <cohei...@apache.org>
> wrote:
>>
>> How are you validating the received username/password at the moment?
>> If you have access to a password for a given user in the
>> CallbackHandler, then you don't need to write a Validator. Simply set
>> the password on the WSPasswordCallback object, and the
>> UsernameTokenValidator will take care of the validation.
>>
>> Colm.
>>
>> On Mon, Jun 27, 2011 at 4:11 PM, Vivek Alampally <vivek2...@gmail.com>
>> wrote:
>> > Hi Colm,
>> > Do you have any link pointing to how this can be done.
>> > I just need to have a username & password for existing web service. For
>> > this
>> > do I need to write a custom Validator. Can I use existing
>> > default UsernameTokenValidator?
>> > Thanks,
>> > Vivek.
>> >
>> > On Mon, Jun 27, 2011 at 10:55 AM, Colm O hEigeartaigh
>> > <cohei...@apache.org>
>> > wrote:
>> >>
>> >> In WSS4J 1.6 the password is not supplied to the CallbackHandler, only
>> >> the username. The CallbackHandler is expected to supply the password
>> >> to the default Validator (UsernameTokenValidator) in this case. If you
>> >> wish to implement some custom scenario, you must implement your own
>> >> Validator implementation. See here for more information:
>> >>
>> >>
>> >> http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html
>> >>
>> >> Colm.
>> >>
>> >> On Mon, Jun 27, 2011 at 3:36 PM, Vivek Alampally <vivek2...@gmail.com>
>> >> wrote:
>> >> > Here is the actual problem when integrating CXF 2.4.1 with WSS4J
>> >> > 1.6.1.
>> >> > So
>> >> > does this change require change in configuration.. Can anybody please
>> >> > help
>> >> > me in fixing this issue.
>> >> >
>> >> > java.lang.NullPointerException
>> >> > at
>> >> >
>> >> >
>> >> > com.fdt.sdl.security.authentication.util.ServerPasswordCallback.handle(ServerPasswordCallback.java:41)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:118)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:52)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107)
>> >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
>> >> > at
>> >> >
>> >> > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140)
>> >> > at
>> >> >
>> >> >
>> >> > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
>> >> > at
>> >> >
>> >> >
>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>> >> > at
>> >> >
>> >> >
>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>> >> > at java.lang.Thread.run(Thread.java:662)
>> >> >
>> >> > On Mon, Jun 27, 2011 at 10:22 AM, Vivek Alampally
>> >> > <vivek2...@gmail.com>wrote:
>> >> >
>> >> >> Sorry this exception got resolved when I removed XMLSchema1.4.7.jar
>> >> >>
>> >> >>
>> >> >> On Mon, Jun 27, 2011 at 10:14 AM, Vivek Alampally
>> >> >> <vivek2...@gmail.com>wrote:
>> >> >>
>> >> >>> Hi,
>> >> >>> Thanks for your prompt response.
>> >> >>>
>> >> >>> When I add WSS4j 1.6.1 the below exception is coming.
>> >> >>> org.springframework.beans.factory.BeanDefinitionStoreException:
>> >> >>> Factory
>> >> >>> method [public java.lang.Object
>> >> >>> org.apache.cxf.jaxws.JaxWsProxyFactoryBean.create()] threw
>> >> >>> exception;
>> >> >>> nested
>> >> >>> exception is java.lang.NoSuchFieldError: QUALIFIED
>> >> >>>
>> >> >>>
>> >> >>> Does this change require any change in configuration as well.
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> On Mon, Jun 27, 2011 at 9:53 AM, Colm O hEigeartaigh
>> >> >>> <cohei...@apache.org
>> >> >>> > wrote:
>> >> >>>
>> >> >>>> They are incompatible - you must use WSS4J 1.6.x with CXF 2.4.x.
>> >> >>>>
>> >> >>>> Colm.
>> >> >>>>
>> >> >>>> On Mon, Jun 27, 2011 at 2:47 PM, Vivek Alampally
>> >> >>>> <vivek2...@gmail.com>
>> >> >>>> wrote:
>> >> >>>> > Hi
>> >> >>>> > I am getting the following exception while replacing existing
>> >> >>>> > cxf
>> >> >>>> > 2.3.3
>> >> >>>> jar
>> >> >>>> > with Apache CXF 2.4.1
>> >> >>>> > java.lang.NoSuchMethodError<
>> >> >>>>
>> >> >>>>
>> >> >>>> http://download.oracle.com/javase/6/docs/api/java/lang/NoSuchMethodError.html
>> >> >>>> >:
>> >> >>>> >
>> >> >>>>
>> >> >>>>
>> >> >>>> org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/List;)I
>> >> >>>> >
>> >> >>>> > Can anyone please tell me whether there are any compatibility
>> >> >>>> > issues
>> >> >>>> > with Apache CXF 2.4 and wss4j 1.5.11.
>> >> >>>> >
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> --
>> >> >>>> Colm O hEigeartaigh
>> >> >>>>
>> >> >>>> http://coheigea.blogspot.com/
>> >> >>>> Talend - http://www.talend.com
>> >> >>>>
>> >> >>>
>> >> >>>
>> >> >>
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Colm O hEigeartaigh
>> >>
>> >> http://coheigea.blogspot.com/
>> >> Talend - http://www.talend.com
>> >
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> http://coheigea.blogspot.com/
>> Talend - http://www.talend.com
>
>
--
Colm O hEigeartaigh
http://coheigea.blogspot.com/
Talend - http://www.talend.com
