Posted to java-user@axis.apache.org by "Shah, Sumit (CGI Federal)" <Su...@cgifederal.com> on 2013/03/05 21:48:02 UTC

Rampart and WSS4J 1.6.x - USERNAME_TOKEN validation in Rampart WS-Password Callback Handler

WSS4J 1.6.x deprecated the use of WSPasswordCallback.USERNAME_TOKEN_UNKNOWN (http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html), which was one of the methods to validate the plain text passwords on the server side (@see Rampart Policy Sample01). Now, because of the deprecation, it does not seem to be possible to validate a plaintext password, especially when the server-side callback handler does not have access to the plain text password to validate against the password on the incoming request. It seems like CXF has a way to plug in custom validators for WSS4J 1.6.x to support this model (http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html).

I would appreciate any thoughts from the community. Maybe I am missing something.

Thanks
Sumit
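
The server-side check the message above asks for, as an added example that is not part of the original post and is not Rampart or WSS4J code: when only a salted hash is stored, the validator derives the same hash from the plaintext password on the incoming UsernameToken and compares the two in constant time. The class and method names, the PBKDF2 storage scheme and the sample credentials are assumptions made for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class: the check a custom UsernameToken validator would delegate to.
public class StoredHashPasswordCheck {
    static final int ITERATIONS = 100_000; // assumed work factor
    static final int KEY_BITS = 256;

    /** What the server keeps per user: salt and derived key, never the password. */
    static final class Record {
        final byte[] salt, hash;
        Record(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private final Map<String, Record> store = new HashMap<>();
    // Dummy record so an unknown user name costs the same work as a known one.
    private final Record dummy;

    StoredHashPasswordCheck() throws GeneralSecurityException {
        dummy = newRecord("placeholder".toCharArray());
    }

    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the internal copy of the plaintext
        }
    }

    static Record newRecord(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Record(salt, derive(password, salt));
    }

    void enroll(String user, char[] password) throws GeneralSecurityException {
        store.put(user, newRecord(password));
    }

    /** Validates the user name and plaintext password taken from the incoming token. */
    boolean validate(String user, char[] presented) throws GeneralSecurityException {
        Record r = store.get(user);
        boolean known = r != null;
        if (!known) r = dummy;
        byte[] candidate = derive(presented, r.salt);
        // Constant-time comparison; non-short-circuit '&' keeps both paths alike.
        return MessageDigest.isEqual(candidate, r.hash) & known;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        StoredHashPasswordCheck check = new StoredHashPasswordCheck();
        check.enroll("alice", "constructed-sample-password".toCharArray()); // constructed data
        System.out.println(check.validate("alice", "constructed-sample-password".toCharArray()));
        System.out.println(check.validate("alice", "wrong".toCharArray()));
        System.out.println(check.validate("mallory", "placeholder".toCharArray()));
    }
}
```

A password callback handler cannot do this because it is expected to hand the stored password back for comparison; the comparison has to move into code that sees the incoming password, which is what a pluggable validator provides.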

RE: Rampart and WSS4J 1.6.x - USERNAME_TOKEN validation in Rampart WS-Password Callback Handler

Posted by "Shah, Sumit (CGI Federal)" <Su...@cgifederal.com>.
I did a little research and found that in the Rampart trunk, there is a change to address the issue below (also filed under https://issues.apache.org/jira/browse/RAMPART-374). The change is to introduce a custom RampartUsernameTokenValidator which is plugged in via the RampartMessageData. I am trying to make this change to Rampart 1.6.2 branch/tag since we are on Rampart 1.6.2. I tried the following steps:

1. SVN checkout of the 1.6.2 tag: http://svn.apache.org/repos/asf/axis/axis2/java/rampart/tags/v1.6.2

2. I tried building this in Eclipse using 'MVN Install'.

I get the following error when doing so. I would appreciate it if you could point me to how to build this correctly. I was able to build the trunk correctly (using the same steps), but I am somehow unable to build this tag.


[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Apache Rampart
[INFO] Rampart - Policy
[INFO] Rampart - Trust
[INFO] Rampart - Core
[INFO] Rampart - Test Suite
[INFO] Rampart - Mar
[INFO] Rampart - Trust-Mar
[INFO] Rampart - Integration
[INFO] Rampart - Samples
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Apache Rampart 1.6.2
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-remote-resources-plugin:1.1:process (default) @ rampart-project ---
[INFO] Setting property: classpath.resource.loader.class => 'org.codehaus.plexus.velocity.ContextClassLoaderResourceLoader'.
[INFO] Setting property: velocimacro.messages.on => 'false'.
[INFO] Setting property: resource.loader => 'classpath'.
[INFO] Setting property: resource.manager.logwhenfound => 'false'.
[WARNING] Invalid POM for org.apache.axis2:axis2-kernel:jar:1.6.2, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Invalid POM for org.apache.axis2:mex:jar:impl:1.6.2, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Invalid POM for org.apache.axis2:axis2-mtompolicy:jar:1.6.2, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Invalid POM for org.apache.axis2:addressing:mar:1.6.2, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Invalid POM for org.apache.ws.commons.axiom:axiom-dom:jar:1.2.13, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Invalid project model for artifact [addressing:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [axiom-dom:org.apache.ws.commons.axiom:1.2.13]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [axis2-kernel:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [axis2-mtompolicy:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [mex:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[INFO]
[INFO] --- maven-install-plugin:2.3:install (default-install) @ rampart-project ---
[INFO] Installing D:\dev\git\workspace\rampart-v1.6.2\v1.6.2\pom.xml to C:\Users\sumshah\.m2\repository\org\apache\rampart\rampart-project\1.6.2\rampart-project-1.6.2.pom
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Rampart - Policy 1.6.2
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for org.apache.axis2:axis2-kernel:jar:1.6.2 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for org.apache.axis2:mex:jar:impl:1.6.2 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for org.apache.axis2:axis2-mtompolicy:jar:1.6.2 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for org.apache.axis2:addressing:mar:1.6.2 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for org.apache.ws.commons.axiom:axiom-dom:jar:1.2.13 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[INFO]
[INFO] --- maven-remote-resources-plugin:1.1:process (default) @ rampart-policy ---
[WARNING] Invalid project model for artifact [addressing:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [axiom-dom:org.apache.ws.commons.axiom:1.2.13]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [axis2-kernel:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [axis2-mtompolicy:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[WARNING] Invalid project model for artifact [mex:org.apache.axis2:1.6.2]. It will be ignored by the remote resources Mojo.
[INFO]
[INFO] --- maven-resources-plugin:2.4:resources (default-resources) @ rampart-policy ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:2.0:compile (default-compile) @ rampart-policy ---
Compiling 89 source files to D:\dev\git\workspace\rampart-v1.6.2\v1.6.2\modules\rampart-policy\target\classes
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Apache Rampart .................................... SUCCESS [0.972s]
[INFO] Rampart - Policy .................................. FAILURE [0.725s]
[INFO] Rampart - Trust ................................... SKIPPED
[INFO] Rampart - Core .................................... SKIPPED
[INFO] Rampart - Test Suite .............................. SKIPPED
[INFO] Rampart - Mar ..................................... SKIPPED
[INFO] Rampart - Trust-Mar ............................... SKIPPED
[INFO] Rampart - Integration ............................. SKIPPED
[INFO] Rampart - Samples ................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.349s
[INFO] Finished at: Thu Mar 07 12:25:09 EST 2013
[INFO] Final Memory: 17M/328M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.0:compile (default-compile) on project rampart-policy: Compilation failure: Compilation failure:
[ERROR] error: error reading C:\Users\sumshah\.m2\repository\org\apache\axis2\axis2-kernel\1.6.2\axis2-kernel-1.6.2.jar; error in opening zip file
[ERROR] error: error reading C:\Users\sumshah\.m2\repository\org\apache\axis2\mex\1.6.2\mex-1.6.2-impl.jar; error in opening zip file
[ERROR] error: error reading C:\Users\sumshah\.m2\repository\org\apache\axis2\axis2-mtompolicy\1.6.2\axis2-mtompolicy-1.6.2.jar; error in opening zip file
[ERROR] error: error reading C:\Users\sumshah\.m2\repository\org\apache\ws\commons\axiom\axiom-dom\1.2.13\axiom-dom-1.2.13.jar; error in opening zip file
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :rampart-policy



From: Shah, Sumit (CGI Federal)
Sent: Tuesday, March 05, 2013 3:48 PM
To: java-user@axis.apache.org
Subject: Rampart and WSS4J 1.6.x - USERNAME_TOKEN validation in Rampart WS-Password Callback Handler

WSS4J 1.6.x deprecated the use of WSPasswordCallback.USERNAME_TOKEN_UNKNOWN (http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html), which was one of the methods to validate the plain text passwords on the server side (@see Rampart Policy Sample01). Now, because of the deprecation, it does not seem to be possible to validate a plaintext password, especially when the server-side callback handler does not have access to the plain text password to validate against the password on the incoming request. It seems like CXF has a way to plug in custom validators for WSS4J 1.6.x to support this model (http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html).

I would appreciate any thoughts from the community. Maybe I am missing something.

Thanks
Sumit
