You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by wangjlc <wa...@163.com> on 2014/12/18 13:44:21 UTC

CXF3 Server-side security validation problems

Ask an expert a question, please comment*I'm using CXF3.0.1, WS-context.XML
on the server side configuration is as follows:*<?xml version="1.0"
encoding="UTF-8"?>																																																																							
*Server-side callback class:*import java.io.IOException;import
javax.security.auth.callback.Callback;import
javax.security.auth.callback.CallbackHandler;import
javax.security.auth.callback.UnsupportedCallbackException;import
org.apache.cxf.interceptor.Fault;import
org.apache.wss4j.common.ext.WSPasswordCallback;import
org.apache.xmlbeans.impl.soap.SOAPException;public class WsAuthHandler
implements CallbackHandler {	public void handle(Callback[] callbacks) throws
IOException,			UnsupportedCallbackException {				String ws_pwd = "test";	
String ws_user = "test";				for (int i = 0; i < callbacks.length; i++) {		
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];			String
identifier = pc.getIdentifier();			String pwd = pc.getPassword();			int
usage = pc.getUsage();						if(ws_user.equals(identifier)){				if (usage ==
WSPasswordCallback.USERNAME_TOKEN) {					pc.setPassword(ws_pwd);				} else
if (usage == WSPasswordCallback.SIGNATURE) {					pc.setPassword(ws_pwd);			
}							}					}	}}*Server-side service class as follows*public class
TestServer {		TestServer(String args){			Iproviderconnector ews = new
iproviderconnectorSOAPImpl();	 			JaxWsServerFactoryBean factory = new
JaxWsServerFactoryBean(); 			
factory.setServiceClass(Iproviderconnector.class);		
factory.setAddress("http://localhost:9000/Iproviderconnector");		
factory.setServiceBean(ews);			factory.create();		}						public static void
main(String[] args)throws InterruptedException{									new
TestServer("Iproviderconnector");			System.out.println("Server ready..."); 		
Thread.sleep(1000*60);    			System.out.println("Server exit...");		
System.exit(0); 		}}*Use the weblogic11g, client access, and WebLogic error,
as follows:*2014-12-18 16:09:26 org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLoggingWARNING: Interceptor for
{http://adapter.ws.mb.payment.dcfs.com/}IproviderconnectorService#{http://adapter.ws.mb.payment.dcfs.com/}doCommon
has thrown exception, unwinding nowThrowable occurred:
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers:
[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
are not understood.	at
org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at
org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)	at
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at
org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
at
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:957)	at
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)	at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:738)Please helpBest wishes



--
View this message in context: http://cxf.547215.n5.nabble.com/CXF3-Server-side-security-validation-problems-tp5752503.html
Sent from the cxf-dev mailing list archive at Nabble.com.