You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Brian Woo <wo...@gmail.com> on 2005/11/24 23:05:12 UTC
Possible Bug? WSConstants.PASSWORD_TEXT set but PasswordDigest sent...
Hi all,
I might have found a bug in the (WSS4J / AXIS). I have tried to send a
UsernameToken in plain text (PASSWORD_TEXT) but the SOAP message is sending
a PasswordDigest block instead. Note that, the server handler can see
decode the SOAP message and get my username correctly.
private void doSomething()
{
//modify the path to the client_deploy.wsdd
EngineConfiguration config = new FileProvider(
"client_deploy_without_parameters.wsdd");
DummyServiceService locator = new DummyServiceServiceLocator(
config);
try
{
Remote remote = locator.getPort(DummyService.class);
Stub axisPort = (Stub) remote;
axisPort._setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
WSConstants.PASSWORD_TEXT);
axisPort._setProperty(WSHandlerConstants.USER, "bwoo");
// Use my Handler class...
ClientAuthenticationHandler pwCallback = new
ClientAuthenticationHandler();
axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,
pwCallback);
DummyServiceSoapBindingStub service =
(DummyServiceSoapBindingStub) axisPort;
System.out.println("Calling service...");
service.doSomething();
}
catch (Exception e)
{
e.printStackTrace();
}
}
And this is the actually SOAP sent (sending PasswordDigest):
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>bwoo</wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
>QxdnxcARsfL55IBpxa7dgaDEIYU=</wsse:Password>
<wsse:Nonce>RQ6MrBY1RBEQXCN998yb2Q==</wsse:Nonce>
<wsu:Created xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>2005-11-24T21:54:46.350Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<doSomething/>
</soapenv:Body>
</soapenv:Envelope>
I have found someone reporting the same problem, but no response:
http://www.mail-archive.com/fx-dev@ws.apache.org/msg00182.html
Is this a bug or am I missing something?
Re: Possible Bug? WSConstants.PASSWORD_TEXT set but PasswordDigest sent...
Posted by Brian Woo <wo...@gmail.com>.
and BTW, this is my WSDD. I have the parameters removed:
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="
http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:
org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<!-- parameters removed -->
</handler>
</requestFlow >
</globalConfiguration >
</deployment>
On 11/24/05, Brian Woo <wo...@gmail.com> wrote:
>
> Hi all,
>
> I might have found a bug in the (WSS4J / AXIS). I have tried to send a
> UsernameToken in plain text (PASSWORD_TEXT) but the SOAP message is sending
> a PasswordDigest block instead. Note that, the server handler can see
> decode the SOAP message and get my username correctly.
>
>
> private void doSomething()
> {
> //modify the path to the client_deploy.wsdd
> EngineConfiguration config = new FileProvider(
> "client_deploy_without_parameters.wsdd");
> DummyServiceService locator = new DummyServiceServiceLocator(
> config);
>
> try
> {
> Remote remote = locator.getPort(DummyService.class);
> Stub axisPort = (Stub) remote;
> axisPort._setProperty(WSHandlerConstants.ACTION,
> WSHandlerConstants.USERNAME_TOKEN);
> axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
> WSConstants.PASSWORD_TEXT );
> axisPort._setProperty(WSHandlerConstants.USER, "bwoo");
>
> // Use my Handler class...
> ClientAuthenticationHandler pwCallback = new
> ClientAuthenticationHandler();
> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,
> pwCallback);
>
> DummyServiceSoapBindingStub service =
> (DummyServiceSoapBindingStub) axisPort;
>
> System.out.println("Calling service...");
> service.doSomething();
> }
> catch (Exception e)
> {
> e.printStackTrace();
> }
> }
>
>
> And this is the actually SOAP sent (sending PasswordDigest):
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd=" http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken>
> <wsse:Username>bwoo</wsse:Username>
> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest%22>
> >QxdnxcARsfL55IBpxa7dgaDEIYU=</wsse:Password>
> <wsse:Nonce>RQ6MrBY1RBEQXCN998yb2Q==</wsse:Nonce>
> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>
> <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd%22>
> >2005-11-24T21:54:46.350Z</wsu:Created>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <doSomething/>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
> I have found someone reporting the same problem, but no response:
> http://www.mail-archive.com/fx-dev@ws.apache.org/msg00182.html
>
> Is this a bug or am I missing something?
>
--
Regards,
Brian Woo
Re: Possible Bug? WSConstants.PASSWORD_TEXT set but PasswordDigest sent...
Posted by Brian Woo <wo...@gmail.com>.
and BTW, this is my WSDD. I have the parameters removed:
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="
http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:
org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<!-- parameters removed -->
</handler>
</requestFlow >
</globalConfiguration >
</deployment>
On 11/24/05, Brian Woo <wo...@gmail.com> wrote:
>
> Hi all,
>
> I might have found a bug in the (WSS4J / AXIS). I have tried to send a
> UsernameToken in plain text (PASSWORD_TEXT) but the SOAP message is sending
> a PasswordDigest block instead. Note that, the server handler can see
> decode the SOAP message and get my username correctly.
>
>
> private void doSomething()
> {
> //modify the path to the client_deploy.wsdd
> EngineConfiguration config = new FileProvider(
> "client_deploy_without_parameters.wsdd");
> DummyServiceService locator = new DummyServiceServiceLocator(
> config);
>
> try
> {
> Remote remote = locator.getPort(DummyService.class);
> Stub axisPort = (Stub) remote;
> axisPort._setProperty(WSHandlerConstants.ACTION,
> WSHandlerConstants.USERNAME_TOKEN);
> axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
> WSConstants.PASSWORD_TEXT );
> axisPort._setProperty(WSHandlerConstants.USER, "bwoo");
>
> // Use my Handler class...
> ClientAuthenticationHandler pwCallback = new
> ClientAuthenticationHandler();
> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,
> pwCallback);
>
> DummyServiceSoapBindingStub service =
> (DummyServiceSoapBindingStub) axisPort;
>
> System.out.println("Calling service...");
> service.doSomething();
> }
> catch (Exception e)
> {
> e.printStackTrace();
> }
> }
>
>
> And this is the actually SOAP sent (sending PasswordDigest):
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd=" http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken>
> <wsse:Username>bwoo</wsse:Username>
> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest%22>
> >QxdnxcARsfL55IBpxa7dgaDEIYU=</wsse:Password>
> <wsse:Nonce>RQ6MrBY1RBEQXCN998yb2Q==</wsse:Nonce>
> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>
> <http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd%22>
> >2005-11-24T21:54:46.350Z</wsu:Created>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <doSomething/>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
> I have found someone reporting the same problem, but no response:
> http://www.mail-archive.com/fx-dev@ws.apache.org/msg00182.html
>
> Is this a bug or am I missing something?
>
--
Regards,
Brian Woo