Hi Colm, Please find the log below(at the end). I have password callbacks at both client and web service server side as explained in the tutorial. Can you please tell me, whether it is complaining about callback handler not present at the client side or at the server side... also, it s complaining about callback handler for username token?
My setup details : I set up http ssl with basic authentication as per tutorial (http://www.jroller.com/gmazza/entry/ssl_for_web_services) on basic doubleIt web service and then added ws-security as per (http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile). For adding ws security I used Netbeans as explained in (http://www.jroller.com/gmazza/entry/metro_usernametoken_profile#MetroUT1), but I didn't add "ValidatorConfiguration" element in wsdl or PlainTestPasswordValidator in CXF server(because the code present in this class is specific to metro library). However I have http basic authentication enabled on my web service.. So, could this be the cause of this issue?? How can I provide usernameValidator in cxf? <text from doubleit.wsdl having ws-security) <sc:ValidatorConfiguration wspp:visibility="private"> <sc:Validator name="usernameValidator" classname="service.PlainTextPasswordValidator"/> </sc:ValidatorConfiguration> Thanks, Tulika Please find the log below: Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> <soap:Header> <Action xmlns="http://www.w3.org/2005/08/addressing";>http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest</Action> <MessageID xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:3798aef3-027a-438f-b746-446633944a65</MessageID> <To xmlns="http://www.w3.org/2005/08/addressing";>https://localhost:8443/CXFWebService/services/DoubleItPort</To> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing";> <Address>http://www.w3.org/2005/08/addressing/anonymous</Address> </ReplyTo> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; soap:mustUnderstand="1"> <wsu:Timestamp wsu:Id="TS-1"> <wsu:Created>2013-07-10T09:16:56.277Z</wsu:Created> <wsu:Expires>2013-07-10T09:21:56.277Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken wsu:Id="UsernameToken-2"> <wsse:Username>bob</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>trombone</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> <ns2:DoubleIt xmlns:ns2="http://www.example.org/schema/DoubleIt";><numberToDouble>7</numberToDouble></ns2:DoubleIt> </soap:Body> </soap:Envelope> -------------------------------------- Jul 10, 2013 2:46:56 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage WARNING: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied) at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155) at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172) at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:214) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:194) at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:201) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Jul 10, 2013 2:46:56 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: No password callback supplied) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:767) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:214) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:194) at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:201) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied) at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155) at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172) at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277) ... 29 more Jul 10, 2013 2:46:56 PM org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType INFO: Outbound Message --------------------------- ID: 4 Response-Code: 500 Encoding: UTF-8 Content-Type: text/xml Headers: {} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (WSSecurityEngine: No password callback supplied)</faultstring></soap:Fault></soap:Body></soap:Envelope> -------------------------------------- Jul 10, 2013 2:50:41 PM org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType INFO: Inbound Message ---------------------------- ID: 5 Address: https://localhost:8443/CXFWebService/services/DoubleItPort?wsdl Http-Method: GET Content-Type: text/xml Headers: {Accept=[*/*], Authorization=[Basic Ym9iOnRyb21ib25l], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:8443], pragma=[no-cache], user-agent=[Apache CXF 2.6.8]} -------------------------------------- Jul 10, 2013 2:50:51 PM org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType INFO: Inbound Message ---------------------------- ID: 6 Address: https://localhost:8443/CXFWebService/services/DoubleItPort Encoding: UTF-8 Http-Method: POST Content-Type: text/xml; charset=UTF-8 Headers: {Accept=[*/*], Authorization=[Basic Ym9iOnRyb21ib25l], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1373], content-type=[text/xml; charset=UTF-8], host=[localhost:8443], pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 2.6.8]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><Action xmlns="http://www.w3.org/2005/08/addressing";>http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItRequest</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:525b8206-fa5f-4da5-84f9-82efe8bc128a</MessageID><To xmlns="http://www.w3.org/2005/08/addressing";>https://localhost:8443/CXFWebService/services/DoubleItPort</To><ReplyTo xmlns="http://www.w3.org/2005/08/addressing";><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2013-07-10T09:20:51.293Z</wsu:Created><wsu:Expires>2013-07-10T09:25:51.293Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-2"><wsse:Username>bob</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>trombone</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:DoubleIt xmlns:ns2="http://www.example.org/schema/DoubleIt";><numberToDouble>7</numberToDouble></ns2:DoubleIt></soap:Body></soap:Envelope> -------------------------------------- Jul 10, 2013 2:50:51 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage WARNING: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied) at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155) at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142) at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100) -- View this message in context: http://cxf.547215.n5.nabble.com/UserName-token-security-on-CXF-General-security-error-WSSecurityEngine-No-password-callback-supplied-tp5730451p5730571.html Sent from the cxf-user mailing list archive at Nabble.com.
