Once *you* decide which one you want--your choice but if the WSDL
doesn't have security policy statements it will need to be WSS4J--just
follow my blog entry, making changes as explained in the tutorial
depending on the option you wanted. For example, the code segment
referenced had instructions just before it telling you to comment out /
uncomment the particular segment depending on the method you chose.
Glen
On 02/03/2012 01:33 PM, COURTAULT Francois wrote:
Hello,
OK but how do you choose the method WSS4J interceptors or WS-SecurityPolicy ?
Best Regards.
-----Original Message-----
From: Glen Mazza [mailto:gma...@talend.com]
Sent: vendredi 3 février 2012 19:29
To: users@cxf.apache.org
Subject: Re: Issue with CXF-2.5.2 regarding UsernameToken
The only reference to WSHandlerConstants.USER in the blog article is in the
case where you're using WSS4J interceptors and not WS-SecurityPolicy. Remember
just before that code block the article says to activate the section of the
code depending on the method you're using--WSS4J interceptors or
WS-SecurityPolicy.
Glen
On 02/03/2012 01:03 PM, COURTAULT Francois wrote:
Hello,
I don't understand because the 2 ways of coding seem feasible
according the article at:
http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
So do you mean that the client code provided in this article is wrong ?
Best Regards
-----Original Message-----
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: vendredi 3 février 2012 18:17
To: users@cxf.apache.org
Subject: Re: Issue with CXF-2.5.2 regarding UsernameToken
Hi Francois,
In the code you have that works, you are (correctly) setting the username via the tag
"ws-security.username". This is defined in the following documentation "Configuring
the extra properties":
http://cxf.apache.org/docs/ws-securitypolicy.html
However in the code that does not work, you are setting the username via the
tag WSHandlerConstants.USER. This is a configuration tag used by WSS4J and it
works with CXF for the non-WS-SecurityPolicy use-case.
As you are using WS-SecurityPolicy (TransportBindingHandler), it does not work.
Colm.
On Fri, Feb 3, 2012 at 5:10 PM, COURTAULT
Francois<francois.courta...@gemalto.com> wrote:
Hello everybody,
For UsernameToken, in my client code I have used the following code which is:
Map<String, Object> ctx = ((BindingProvider)
port).getRequestContext();
ctx.put("ws-security.username", "myusername");
ctx.put("ws-security.password", "mypassword"); It
works :)
But if I replace this one with:
Map<String, Object> outProps = new HashMap<String,
Object>();
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "myusername");
outProps.put(WSHandlerConstants.PASSWORD_TYPE,
WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCB.class.getName());
WSS4JOutInterceptor wssOut = new
WSS4JOutInterceptor(outProps);
Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
Endpoint cxfEndpoint = client.getEndpoint();
cxfEndpoint.getOutInterceptors().add(wssOut);
with
public class ClientPasswordCB implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
// TODO Auto-generated method stub
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if ("myusername".equals(pc.getIdentifier())) {
pc.setPassword("mypassword");
}
}
}
I got the following error:
févr. 2012 18:04:50 org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
ATTENTION: Interceptor for
{http://gemalto/test/ws/}SimpleWSEJBService#{http://gemalto/test/ws/}
h elloWorld has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: No username available
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandl
e
r.handleBinding(TransportBindingHandler.java:151)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$Polic
y
BasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInt
e
rceptor.java:158)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$Polic
y
BasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInt
e
rceptor.java:88)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
o
rChain.java:263)
at
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:13
4
)
at $Proxy27.helloWorld(Unknown Source)
at
com.gemalto.test.cxf.TestSimpleWSCXFClientHttpsUsername.main(TestSimp
l
eWSCXFClientHttpsUsername.java:85)
Caused by: org.apache.cxf.ws.policy.PolicyException: No username
available
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.policyNotAsserted(AbstractBindingBuilder.java:301)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.addUsernameToken(AbstractBindingBuilder.java:804)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.handleSupportingTokens(AbstractBindingBuilder.java:475)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.handleSupportingTokens(AbstractBindingBuilder.java:462)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandl
e
r.handleNonEndorsingSupportingTokens(TransportBindingHandler.java:200)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandl
e
r.handleBinding(TransportBindingHandler.java:144)
... 11 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: No
username available
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:15
6
)
at $Proxy27.helloWorld(Unknown Source)
at
com.gemalto.test.cxf.TestSimpleWSCXFClientHttpsUsername.main(TestSimp
l
eWSCXFClientHttpsUsername.java:85)
Caused by: org.apache.cxf.ws.policy.PolicyException: No username
available
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.policyNotAsserted(AbstractBindingBuilder.java:301)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.addUsernameToken(AbstractBindingBuilder.java:804)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.handleSupportingTokens(AbstractBindingBuilder.java:475)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilde
r
.handleSupportingTokens(AbstractBindingBuilder.java:462)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandl
e
r.handleNonEndorsingSupportingTokens(TransportBindingHandler.java:200)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandl
e
r.handleBinding(TransportBindingHandler.java:144)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$Polic
y
BasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInt
e
rceptor.java:158)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$Polic
y
BasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInt
e
rceptor.java:88)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
o
rChain.java:263)
at
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:13
4
)
... 2 more
Any idea ? What's wrong with this code ?
Best Regards.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza