Thanks Colm, This works. But I have a question, why the validators are introduced in WSS4J 1.6.
On Mon, Jun 27, 2011 at 11:58 AM, Colm O hEigeartaigh <cohei...@apache.org>wrote: > In your service side CallbackHandler, replace: > > <<<<< > if (pc.getIdentifier().equals(this.username)) { > > if (!pc.getPassword().equals(this.password)) { > throw new IOException("Invalid password"); > } > } > else{ > throw new IOException("Invalid Identifier"); > } > >>>>> > > with > > <<<<< > if (pc.getIdentifier().equals(this.username)) { > pc.setPassword(this.password); > } > else{ > throw new IOException("Invalid Identifier"); > } > >>>>> > > Colm. > > On Mon, Jun 27, 2011 at 4:54 PM, Vivek Alampally <vivek2...@gmail.com> > wrote: > > Sorry, I might be irritating you but this is what I have done. > > Server Side (Web service side) > > -------------------------------------------- > > > > <jaxws:inInterceptors> > > <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> > > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="UsernameToken" /> > > <entry key="passwordType" value="PasswordText" /> > > <entry key="passwordCallbackRef"> > > <ref bean="ServerPasswordCallback" /> > > </entry> > > </map> > > </constructor-arg> > > </bean> > > </jaxws:inInterceptors> > > <bean id="ServerPasswordCallback" > > class="com.fdt.sdl.security.authentication.util.ServerPasswordCallback"> > > <property name="username" value="${webservice.username}" /> > > <property name="password" value="${webservice.password}" /> > > </bean> > > public class ServerPasswordCallback implements CallbackHandler { > > private String username; > > private String password; > > public String getUsername() { > > return username; > > } > > public void setUsername(String username) { > > this.username = username; > > } > > public String getPassword() { > > return password; > > } > > public void setPassword(String password) { > > this.password = password; > > } > > @Override > > public void handle(Callback[] callbacks) throws IOException, > > UnsupportedCallbackException { > > WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; > > if (pc.getIdentifier().equals(this.username)) { > > if (!pc.getPassword().equals(this.password)) { > > throw new IOException("Invalid password"); > > } > > } > > else{ > > throw new IOException("Invalid Identifier"); > > } > > } > > } > > Client Side > > ------------------- > > <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" > /> > > <bean id="logOut" > class="org.apache.cxf.interceptor.LoggingOutInterceptor" > > /> > > <bean id="saajOut" > > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> > > <bean id="wss4jOut" > > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="UsernameToken" /> > > <entry key="user" value="${webservice.username}" /> > > <entry key="passwordType" value="PasswordText" /> > > <entry key="passwordCallbackRef"> > > <ref bean="clientPasswordCallback" /> > > </entry> > > </map> > > </constructor-arg> > > </bean> > > In clientFactoryBean, > > <property name="inInterceptors"> > > <list> > > <ref bean="logIn" /> > > </list> > > </property> > > <property name="outInterceptors"> > > <list> > > <ref bean="logOut" /> > > <ref bean="saajOut" /> > > <ref bean="wss4jOut" /> > > </list> > > </property> > > <bean id="clientPasswordCallback" > > class="com.fdt.sdl.security.authentication.util.ClientPasswordCallback"> > > <property name="password" value="${webservice.password}" /> > > </bean> > > public class ClientPasswordCallback implements CallbackHandler { > > private String password; > > public String getPassword() { > > return password; > > } > > public void setPassword(String password) { > > this.password = password; > > } > > @Override > > public void handle(Callback[] callbacks) throws IOException, > > UnsupportedCallbackException { > > WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; > > pc.setPassword(this.password); > > } > > } > > > > On Mon, Jun 27, 2011 at 11:38 AM, Colm O hEigeartaigh < > cohei...@apache.org> > > wrote: > >> > >> How are you validating the received username/password at the moment? > >> If you have access to a password for a given user in the > >> CallbackHandler, then you don't need to write a Validator. Simply set > >> the password on the WSPasswordCallback object, and the > >> UsernameTokenValidator will take care of the validation. > >> > >> Colm. > >> > >> On Mon, Jun 27, 2011 at 4:11 PM, Vivek Alampally <vivek2...@gmail.com> > >> wrote: > >> > Hi Colm, > >> > Do you have any link pointing to how this can be done. > >> > I just need to have a username & password for existing web service. > For > >> > this > >> > do I need to write a custom Validator. Can I use existing > >> > default UsernameTokenValidator? > >> > Thanks, > >> > Vivek. > >> > > >> > On Mon, Jun 27, 2011 at 10:55 AM, Colm O hEigeartaigh > >> > <cohei...@apache.org> > >> > wrote: > >> >> > >> >> In WSS4J 1.6 the password is not supplied to the CallbackHandler, > only > >> >> the username. The CallbackHandler is expected to supply the password > >> >> to the default Validator (UsernameTokenValidator) in this case. If > you > >> >> wish to implement some custom scenario, you must implement your own > >> >> Validator implementation. See here for more information: > >> >> > >> >> > >> >> > http://coheigea.blogspot.com/2011/04/wss4j-16-introducing-validators.html > >> >> > >> >> Colm. > >> >> > >> >> On Mon, Jun 27, 2011 at 3:36 PM, Vivek Alampally < > vivek2...@gmail.com> > >> >> wrote: > >> >> > Here is the actual problem when integrating CXF 2.4.1 with WSS4J > >> >> > 1.6.1. > >> >> > So > >> >> > does this change require change in configuration.. Can anybody > please > >> >> > help > >> >> > me in fixing this issue. > >> >> > > >> >> > java.lang.NullPointerException > >> >> > at > >> >> > > >> >> > > >> >> > > com.fdt.sdl.security.authentication.util.ServerPasswordCallback.handle(ServerPasswordCallback.java:41) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:118) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:52) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107) > >> >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > >> >> > at > >> >> > > >> >> > > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140) > >> >> > at > >> >> > > >> >> > > >> >> > > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309) > >> >> > at > >> >> > > >> >> > > >> >> > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > >> >> > at > >> >> > > >> >> > > >> >> > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > >> >> > at java.lang.Thread.run(Thread.java:662) > >> >> > > >> >> > On Mon, Jun 27, 2011 at 10:22 AM, Vivek Alampally > >> >> > <vivek2...@gmail.com>wrote: > >> >> > > >> >> >> Sorry this exception got resolved when I removed > XMLSchema1.4.7.jar > >> >> >> > >> >> >> > >> >> >> On Mon, Jun 27, 2011 at 10:14 AM, Vivek Alampally > >> >> >> <vivek2...@gmail.com>wrote: > >> >> >> > >> >> >>> Hi, > >> >> >>> Thanks for your prompt response. > >> >> >>> > >> >> >>> When I add WSS4j 1.6.1 the below exception is coming. > >> >> >>> org.springframework.beans.factory.BeanDefinitionStoreException: > >> >> >>> Factory > >> >> >>> method [public java.lang.Object > >> >> >>> org.apache.cxf.jaxws.JaxWsProxyFactoryBean.create()] threw > >> >> >>> exception; > >> >> >>> nested > >> >> >>> exception is java.lang.NoSuchFieldError: QUALIFIED > >> >> >>> > >> >> >>> > >> >> >>> Does this change require any change in configuration as well. > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> On Mon, Jun 27, 2011 at 9:53 AM, Colm O hEigeartaigh > >> >> >>> <cohei...@apache.org > >> >> >>> > wrote: > >> >> >>> > >> >> >>>> They are incompatible - you must use WSS4J 1.6.x with CXF 2.4.x. > >> >> >>>> > >> >> >>>> Colm. > >> >> >>>> > >> >> >>>> On Mon, Jun 27, 2011 at 2:47 PM, Vivek Alampally > >> >> >>>> <vivek2...@gmail.com> > >> >> >>>> wrote: > >> >> >>>> > Hi > >> >> >>>> > I am getting the following exception while replacing existing > >> >> >>>> > cxf > >> >> >>>> > 2.3.3 > >> >> >>>> jar > >> >> >>>> > with Apache CXF 2.4.1 > >> >> >>>> > java.lang.NoSuchMethodError< > >> >> >>>> > >> >> >>>> > >> >> >>>> > http://download.oracle.com/javase/6/docs/api/java/lang/NoSuchMethodError.html > >> >> >>>> >: > >> >> >>>> > > >> >> >>>> > >> >> >>>> > >> >> >>>> > org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/List;)I > >> >> >>>> > > >> >> >>>> > Can anyone please tell me whether there are any compatibility > >> >> >>>> > issues > >> >> >>>> > with Apache CXF 2.4 and wss4j 1.5.11. > >> >> >>>> > > >> >> >>>> > >> >> >>>> > >> >> >>>> > >> >> >>>> -- > >> >> >>>> Colm O hEigeartaigh > >> >> >>>> > >> >> >>>> http://coheigea.blogspot.com/ > >> >> >>>> Talend - http://www.talend.com > >> >> >>>> > >> >> >>> > >> >> >>> > >> >> >> > >> >> > > >> >> > >> >> > >> >> > >> >> -- > >> >> Colm O hEigeartaigh > >> >> > >> >> http://coheigea.blogspot.com/ > >> >> Talend - http://www.talend.com > >> > > >> > > >> > >> > >> > >> -- > >> Colm O hEigeartaigh > >> > >> http://coheigea.blogspot.com/ > >> Talend - http://www.talend.com > > > > > > > > -- > Colm O hEigeartaigh > > http://coheigea.blogspot.com/ > Talend - http://www.talend.com >