You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by wangjlc <wa...@163.com> on 2014/12/18 13:44:21 UTC
CXF3 Server-side security validation problems
Ask an expert a question, please comment*I'm using CXF3.0.1, WS-context.XML
on the server side configuration is as follows:*<?xml version="1.0"
encoding="UTF-8"?>
*Server-side callback class:*import java.io.IOException;import
javax.security.auth.callback.Callback;import
javax.security.auth.callback.CallbackHandler;import
javax.security.auth.callback.UnsupportedCallbackException;import
org.apache.cxf.interceptor.Fault;import
org.apache.wss4j.common.ext.WSPasswordCallback;import
org.apache.xmlbeans.impl.soap.SOAPException;public class WsAuthHandler
implements CallbackHandler { public void handle(Callback[] callbacks) throws
IOException, UnsupportedCallbackException { String ws_pwd = "test";
String ws_user = "test"; for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; String
identifier = pc.getIdentifier(); String pwd = pc.getPassword(); int
usage = pc.getUsage(); if(ws_user.equals(identifier)){ if (usage ==
WSPasswordCallback.USERNAME_TOKEN) { pc.setPassword(ws_pwd); } else
if (usage == WSPasswordCallback.SIGNATURE) { pc.setPassword(ws_pwd);
} } } }}*Server-side service class as follows*public class
TestServer { TestServer(String args){ Iproviderconnector ews = new
iproviderconnectorSOAPImpl(); JaxWsServerFactoryBean factory = new
JaxWsServerFactoryBean();
factory.setServiceClass(Iproviderconnector.class);
factory.setAddress("http://localhost:9000/Iproviderconnector");
factory.setServiceBean(ews); factory.create(); } public static void
main(String[] args)throws InterruptedException{ new
TestServer("Iproviderconnector"); System.out.println("Server ready...");
Thread.sleep(1000*60); System.out.println("Server exit...");
System.exit(0); }}*Use the weblogic11g, client access, and WebLogic error,
as follows:*2014-12-18 16:09:26 org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLoggingWARNING: Interceptor for
{http://adapter.ws.mb.payment.dcfs.com/}IproviderconnectorService#{http://adapter.ws.mb.payment.dcfs.com/}doCommon
has thrown exception, unwinding nowThrowable occurred:
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers:
[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
are not understood. at
org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at
org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370) at
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at
org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
at
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:957) at
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:738)Please helpBest wishes
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF3-Server-side-security-validation-problems-tp5752503.html
Sent from the cxf-dev mailing list archive at Nabble.com.