You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by David Jencks <da...@yahoo.com> on 2009/07/27 01:35:45 UTC
Re: [soap:Fault] pwd == null but a password is needed
I chatted with Rahul on IRC a bit, and it looks to me as if his code
is doing what cxf and wss4j expect.
I think the next step is to figure out exactly where the fault is
coming from.
I would grep the cxf and wss4j source code for "but a password is
needed". If that doesn't find the source I would run geronimo in the
debugger and put a breakpoint at the end of the handle(CallbackHandler
handler) method and step through the code.
I also wonder if the fault is from the WSS4jOutInterceptor.
thanks
david jencks
On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:
> Just one amendment here in my speculation about the fault cause.
>
> I wrote this in the previous thread,
>
>
> "but I dont know why I am getting this error pwd == null but a
> password is needed at pwcb.setPassword(passwd);"
>
> Now, i dont think this fault is coming from here
> pwcb.setPassword(passwd);
>
> as I have tested it by removing the following code to be sure about
> the fault
>
> if (!pwcb.getPassword().equals(passwd)) {
> LOG.debug("wrong password");
> throw new IOException("wrong password");
> } else {
> LOG.debug("I am setting the password
> here ::::" + passwd);
> pwcb.setPassword(passwd);
> }
>
> from ServerPasswordHandler and I still have the same fault error in
> the response.
>
> Please correct me if I am wrong somewhere. I am not sure where this
> fault come from?
>
> Thank you.
>
> Best Regards,
> Rahul
> On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa
> <ra...@googlemail.com> wrote:
> Hello David/Devs,
>
> Objective: trying to set web service security at serverside:
>
> I am getting an error while accessing the secured webservice. The
> soap fault I am receiving is below:
>
> Response:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
> envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</
> faultcode><faultstring>pwd == null but a password is needed</
> faultstring></soap:Fault></soap:Body></soap:Envelope>
>
> Request:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
> envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> " soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> " xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> " wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">system</wsse:Username><wsse:Password xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> " Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
> ">manager</wsse:Password></wsse:UsernameToken></wsse:Security></
> soap:Header><soap:Body><add xmlns="http://jws.samples.geronimo.apache.org
> "><value1>2</value1><value2>2</value2></add></soap:Body></
> soap:Envelope>
>
>
> How I am trying to do is,
>
> 1. At, server side (in the doPublish method of CXFEndpoint), I am
> setting the WSS4JIn/OutInterceptor property for user token (please
> note: this is not generic code at this moment)
>
> protected void doPublish(String baseAddress) {
> // XXX: assume port 8080 by default since we don't know the
> actual port
> // at startup
> String address = (baseAddress == null) ? "http://localhost:8080
> "
> : baseAddress;
>
> JaxWsServerFactoryBean svrFactory = new
> GeronimoJaxWsServerFactoryBean();
> svrFactory.setBus(bus);
> svrFactory.setAddress(address + this.portInfo.getLocation());
> svrFactory.setServiceFactory(serviceFactory);
> svrFactory.setStart(false);
> svrFactory.setServiceBean(implementor);
>
> if
> (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType())) {
> svrFactory.setTransportId("http://cxf.apache.org/bindings/xformat
> ");
> }
>
> // to receive the incoming username/password in soap request
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE,
> WSConstants.PW_TEXT);
> inProps.put(WSHandlerConstants.USER, "system");
> inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
> new ServerPasswordHandler());
>
> server = svrFactory.create();
> // to receive the secure header
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> // to send the secure soap header
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
> init();
>
> org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();
>
> endpoint.getInInterceptors().add(wssIn);
> endpoint.getInInterceptors().add(
> new
> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
>
> endpoint.getOutInterceptors().add(wssOut);
> endpoint.getOutInterceptors().add(
> new
> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
> LOG.debug("So far set the interceptor");
> //
>
> if (getBinding() instanceof SOAPBinding
> && this.portInfo.isMTOMEnabled() != null) {
> ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
> .isMTOMEnabled());
> }
>
> server.start();
> LOG.debug("Invoked");
>
> }
>
> I am setting up the login authentication and setting the password in
> the Server Handler, like following:
>
>
> public class ServerPasswordHandler implements CallbackHandler {
>
> private static final Logger LOG = LoggerFactory
> .getLogger(ServerPasswordHandler.class);
>
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
>
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pwcb = (WSPasswordCallback)
> callbacks[i];
> if (pwcb.getUsage() ==
> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
> LOG.debug("I am inside the ServerPasswordHandler");
> String username = pwcb.getIdentifier();
> String passwd = pwcb.getPassword();
>
> LoginContext context = null;
> try {
> // Login authentication goes here
> // use the existing security realm for the
> moment for testing
> context = ContextManager.login("geronimo-admin",
> new
> UsernamePasswordCallbackHandler(username,
> passwd));
> // ContextManager.login(realm, callbackHandler,
> // configuration)
> context.login();
> LOG.debug("login is successful");
> } catch (LoginException e) {
> LOG.debug("login failed");
> throw new IOException("Unable to verify " +
> username
> + " and " + passwd);
> }
>
> //TODO: what to do with subject
> Subject subject = context.getSubject();
> ContextManager.setCallers(subject, subject);
>
> if (!pwcb.getPassword().equals(passwd)) {
> LOG.debug("wrong password");
> throw new IOException("wrong password");
> } else {
> LOG.debug("I am setting the password
> here ::::"
> + passwd);
> pwcb.setPassword(passwd);
> }
>
> }
>
> }
> }
>
> }
>
>
> In the traces, I can see the password value is "manager" which is
> sent by client
> I am setting the password here ::::manager
>
> but I dont know why I am getting this error pwd == null but a
> password is needed at pwcb.setPassword(passwd);
>
> Login authentication goes sucessful when the client provides the
> correct username and password (which are "system and "manager"
> respectively). and goes unsuccessful otherwise.
>
> The full trace from the geronimo.log is attached here: (there are
> some debug statement to see the traces )
>
>
>
> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing
> service with: file:/home/rahul/new_workspace1/GerominoWebClient/WEB-
> INF/wsdl/CalculatorService.wsdl {http://jws.samples.geronimo.apache.org
> }Calculator
> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address
> property: http://localhost:8080/GerominoWeb/calculator
> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username
> and password sent by Clients are : system manager
> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE
> VALUES system and manager
> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside
> the ServerPasswordHandler
> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT
> I GOT HERE: system and manager
> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]
> Username set to: system
> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]
> password set to: manager
> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT
> I GOT HERE: system and manager
> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]
> Username set to: system
> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]
> password set to: manager
> 2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is
> successful
> 2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting
> the password here ::::manager
> 2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptor
> has thrown exception, unwinding now pwd == null but a password is
> needed
> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
> javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is
> needed
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:
> 145)
> at $Proxy67.add(Unknown Source)
> at CalculatorServlet.doGet(CalculatorServlet.java:42)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> at
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
> at
> org
> .eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:
> 435)
> at
> org
> .eclipse
> .jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:118)
> at
> org
> .eclipse
> .jetty.server.session.SessionHandler.handle(SessionHandler.java:179)
> at
> org
> .eclipse
> .jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:928)
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:
> 370)
> at
> org
> .eclipse
> .jetty.server.handler.ContextHandler.doScope(ContextHandler.java:862)
> at
> org
> .apache
> .geronimo
> .jetty7
> .handler.GeronimoWebAppContext.doScope(GeronimoWebAppContext.java:107)
> at
> org
> .eclipse
> .jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:116)
> at
> org
> .eclipse
> .jetty
> .server
> .handler
> .ContextHandlerCollection.handle(ContextHandlerCollection.java:243)
> at
> org
> .eclipse
> .jetty
> .server.handler.HandlerCollection.handle(HandlerCollection.java:126)
> at
> org
> .eclipse
> .jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:115)
> at org.eclipse.jetty.server.Server.handle(Server.java:337)
> at
> org
> .eclipse
> .jetty.server.HttpConnection.handleRequest(HttpConnection.java:561)
> at org.eclipse.jetty.server.HttpConnection
> $RequestHandler.headerComplete(HttpConnection.java:943)
> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:
> 530)
> at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
> at
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:
> 414)
> at
> org
> .eclipse
> .jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:
> 437)
> at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
> at org.apache.geronimo.pool.ThreadPool
> $ContextClassLoaderRunnable.run(ThreadPool.java:344)
> at java.util.concurrent.ThreadPoolExecutor
> $Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor
> $Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a
> password is needed
> at
> org
> .apache
> .cxf
> .binding
> .soap
> .interceptor
> .Soap11FaultInInterceptor
> .unmarshalFault(Soap11FaultInInterceptor.java:75)
> at
> org
> .apache
> .cxf
> .binding
> .soap
> .interceptor
> .Soap11FaultInInterceptor
> .handleMessage(Soap11FaultInInterceptor.java:46)
> at
> org
> .apache
> .cxf
> .binding
> .soap
> .interceptor
> .Soap11FaultInInterceptor
> .handleMessage(Soap11FaultInInterceptor.java:35)
> at
> org
> .apache
> .cxf
> .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:
> 226)
> at
> org
> .apache
> .cxf
> .interceptor
> .AbstractFaultChainInitiatorObserver
> .onMessage(AbstractFaultChainInitiatorObserver.java:96)
> at
> org
> .apache
> .cxf
> .binding
> .soap
> .interceptor
> .CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
> at
> org
> .apache
> .cxf
> .binding
> .soap
> .interceptor
> .CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
> at
> org
> .apache
> .cxf
> .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:
> 226)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:
> 641)
> at org.apache.cxf.transport.http.HTTPConduit
> $WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102)
> at org.apache.cxf.transport.http.HTTPConduit
> $WrappedOutputStream.handleResponse(HTTPConduit.java:1980)
> at org.apache.cxf.transport.http.HTTPConduit
> $WrappedOutputStream.close(HTTPConduit.java:1905)
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:
> 66)
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
> at org.apache.cxf.interceptor.MessageSenderInterceptor
> $
> MessageSenderEndingInterceptor
> .handleMessage(MessageSenderInterceptor.java:62)
> at
> org
> .apache
> .cxf
> .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:
> 226)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
> at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:
> 124)
> ... 28 more
>
>
> Can you please let me know or correct me, why this is happening?, I
> think if password is set correctly in the pwcb.setPassword(passwd);
> then client should be able to access the secure web service. I am
> getting the correct password "manager" (as seen in the logs) and
> setting the same but I dont know why I am getting this fault.
>
> Second thing is, I am not sure what to do with subject?
>
> Am I missing something in the above code? Please correct me and help
> me in this.
>
> Many Thanks in advance for your response.
>
> Regards,
> Rahul
>
Re: [soap:Fault] pwd == null but a password is
needed
Posted by "rahul.soa" <ra...@googlemail.com>.
Many thanks to David, Dan and Jarek for the help,
I have tested my code after removing the out interceptor from the server
side and it just worked.
Request:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-14195893"><wsse:Username xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">system</wsse:Username><wsse:Password
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><add
xmlns="http://jws.samples.geronimo.apache.org
"><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
"><soap:Body>
<addResponse xmlns="http://jws.samples.geronimo.apache.org
"><return>4</return></addResponse></soap:Body></soap:Envelope>
Best Regards,
Rahul
On Mon, Jul 27, 2009 at 5:37 PM, rahul.soa <ra...@googlemail.com> wrote:
> Many Thanks Dan for pointing to the root cause.
>
> So does that mean server will not send the secure SOAP header in the
> response? I thought initially that client will also receive the secured
> response from server. May be I was wrong.
>
> I will try it by removing the WSS4JOutInterceptor from the server side to
> see if it works.
>
> Thanks again for your help.
>
> Best Regards,
> Rahul
> On Mon, Jul 27, 2009 at 5:23 PM, Daniel Kulp <dk...@apache.org> wrote:
>
>> On Mon July 27 2009 3:42:04 am rahul.soa wrote:
>> > Many Thanks David for your efforts in helping me out. That will be very
>> > helpful.
>>
>> Well, I did the grep for you. It's coming from WSS4J, not CXF, in:
>> src/org/apache/ws/security/message/token/UsernameToken.java
>>
>> Most likely, you DON'T want to setup the WSS4JOutInterceptor on the server
>> side to have a UserNameToken. That's not normally a usual occurrence.
>> (why
>> would the server be sending BACK a Username?)
>>
>> Dan
>>
>>
>>
>> > Will it be a good idea to forward my doubt to CXF and WSS4J developers
>> > community?
>>
>> >
>> > Best Regards,
>> > Rahul
>> >
>> > On Mon, Jul 27, 2009 at 1:35 AM, David Jencks <david_jencks@yahoo.com
>> >wrote:
>> > > I chatted with Rahul on IRC a bit, and it looks to me as if his code
>> is
>> > > doing what cxf and wss4j expect.
>> > > I think the next step is to figure out exactly where the fault is
>> coming
>> > > from.
>> > >
>> > > I would grep the cxf and wss4j source code for "but a password is
>> > > needed". If that doesn't find the source I would run geronimo in the
>> > > debugger and put a breakpoint at the end of the handle(CallbackHandler
>> > > handler) method and step through the code.
>> > >
>> > > I also wonder if the fault is from the WSS4jOutInterceptor.
>> > >
>> > > thanks
>> > > david jencks
>> > >
>> > > On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:
>> > >
>> > > Just one amendment here in my speculation about the fault cause.
>> > >
>> > > I wrote this in the previous thread,
>> > >
>> > >
>> > > "but I dont know why I am getting this error pwd == null but a
>> password
>> > > is needed at pwcb.setPassword(passwd);"
>> > >
>> > > Now, i dont think this fault is coming from here
>> > > pwcb.setPassword(passwd);
>> > >
>> > > as I have tested it by removing the following code to be sure about
>> the
>> > > fault
>> > >
>> > > if (!pwcb.getPassword().equals(passwd)) {
>> > > LOG.debug("wrong password");
>> > > throw new IOException("wrong password");
>> > > } else {
>> > > LOG.debug("I am setting the password here ::::"
>> +
>> > > passwd);
>> > > pwcb.setPassword(passwd);
>> > > }
>> > >
>> > > from ServerPasswordHandler and I still have the same fault error in
>> the
>> > > response.
>> > >
>> > > Please correct me if I am wrong somewhere. I am not sure where this
>> fault
>> > > come from?
>> > >
>> > > Thank you.
>> > >
>> > > Best Regards,
>> > > Rahul
>> > >
>> > > On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa
>> <ra...@googlemail.com>wrote:
>> > >> Hello David/Devs,
>> > >>
>> > >> Objective: trying to set web service security at serverside:
>> > >>
>> > >> I am getting an error while accessing the secured webservice. The
>> soap
>> > >> fault I am receiving is below:
>> > >>
>> > >> *Response:*
>> > >>
>> > >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> > >>
>> "><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>
>> > >>*pwd == null but a password is needed*
>> > >> </faultstring></soap:Fault></soap:Body></soap:Envelope>
>> > >> *
>> > >> Request:*
>> > >>
>> > >> <soap:Envelope
>> > >> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Header><wss
>> > >>e:Security xmlns:wsse="
>> > >>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>> > >>t-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>> > >>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>> > >>t-1.0.xsd" xmlns:wsu="
>> > >>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
>> > >>ty-1.0.xsd" wsu:Id="UsernameToken-32620541"><wsse:Username
>> xmlns:wsse="
>> > >>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>> > >>t-1.0.xsd">system</wsse:Username><wsse:Password xmlns:wsse="
>> > >>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
>> > >>t-1.0.xsd" Type="
>> > >>
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
>> >
>> >>rofile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></ws
>> > >>se:Security></soap:Header><soap:Body><add
>> > >> xmlns="http://jws.samples.geronimo.apache.org
>> > >>
>> "><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
>> > >>
>> > >>
>> > >> How I am trying to do is,
>> > >>
>> > >> 1. At, server side (in the doPublish method of CXFEndpoint), I am
>> > >> setting the WSS4JIn/OutInterceptor property for user token (please
>> note:
>> > >> this is not generic code at this moment)
>> > >>
>> > >> protected void doPublish(String baseAddress) {
>> > >> // XXX: assume port 8080 by default since we don't know the
>> > >> actual port
>> > >> // at startup
>> > >> String address = (baseAddress == null) ? "
>> http://localhost:8080"
>> > >>
>> > >> : baseAddress;
>> > >>
>> > >> JaxWsServerFactoryBean svrFactory = new
>> > >> GeronimoJaxWsServerFactoryBean();
>> > >> svrFactory.setBus(bus);
>> > >> svrFactory.setAddress(address + this.portInfo.getLocation());
>> > >> svrFactory.setServiceFactory(serviceFactory);
>> > >> svrFactory.setStart(false);
>> > >> svrFactory.setServiceBean(implementor);
>> > >>
>> > >> if
>> (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType()))
>> > >> { svrFactory.setTransportId("
>> > >> http://cxf.apache.org/bindings/xformat");
>> > >> }
>> > >>
>> > >> // to receive the incoming username/password in soap request
>> > >> Map inProps = new HashMap();
>> > >> inProps.put(WSHandlerConstants.ACTION,
>> > >> WSHandlerConstants.USERNAME_TOKEN);
>> > >> inProps.put(WSHandlerConstants.PASSWORD_TYPE,
>> > >> WSConstants.PW_TEXT);
>> > >> inProps.put(WSHandlerConstants.USER, "system");
>> > >> inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
>> > >> new *ServerPasswordHandler*());
>> > >>
>> > >> server = svrFactory.create();
>> > >> // to receive the secure header
>> > >> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
>> > >> // to send the secure soap header
>> > >> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
>> > >> init();
>> > >>
>> > >> org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();
>> > >>
>> > >> endpoint.getInInterceptors().add(wssIn);
>> > >> endpoint.getInInterceptors().add(
>> > >> new
>> > >> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
>> > >>
>> > >> endpoint.getOutInterceptors().add(wssOut);
>> > >> endpoint.getOutInterceptors().add(
>> > >> new
>> > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
>> > >> LOG.debug("So far set the interceptor");
>> > >> //
>> > >>
>> > >> if (getBinding() instanceof SOAPBinding
>> > >> && this.portInfo.isMTOMEnabled() != null) {
>> > >> ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
>> > >> .isMTOMEnabled());
>> > >> }
>> > >>
>> > >> server.start();
>> > >> LOG.debug("Invoked");
>> > >>
>> > >> }
>> > >>
>> > >> I am setting up the login authentication and setting the password in
>> the
>> > >> Server Handler, like following:
>> > >>
>> > >>
>> > >> public class ServerPasswordHandler implements CallbackHandler {
>> > >>
>> > >> private static final Logger LOG = LoggerFactory
>> > >> ..getLogger(ServerPasswordHandler.class);
>> > >>
>> > >> public void handle(Callback[] callbacks) throws IOException,
>> > >> UnsupportedCallbackException {
>> > >>
>> > >> for (int i = 0; i < callbacks.length; i++) {
>> > >> WSPasswordCallback pwcb = (WSPasswordCallback)
>> callbacks[i];
>> > >> if (pwcb.getUsage() ==
>> > >> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
>> > >> LOG.debug("I am inside the ServerPasswordHandler");
>> > >> String username = pwcb.getIdentifier();
>> > >> String passwd = pwcb.getPassword();
>> > >>
>> > >> LoginContext context = null;
>> > >> try {
>> > >> // Login authentication goes here
>> > >> // use the existing security realm for the moment
>> > >> for testing
>> > >> context = ContextManager.login("geronimo-admin",
>> > >> new
>> > >> UsernamePasswordCallbackHandler(username, passwd));
>> > >> // ContextManager.login(realm, callbackHandler,
>> > >> // configuration)
>> > >> context.login();
>> > >> LOG.debug("login is successful");
>> > >> } catch (LoginException e) {
>> > >> LOG.debug("login failed");
>> > >> throw new IOException("Unable to verify " +
>> username
>> > >> + " and " + passwd);
>> > >> }
>> > >>
>> > >> //TODO: what to do with subject
>> > >> Subject subject = context.getSubject();
>> > >> ContextManager.setCallers(subject, subject);
>> > >>
>> > >> if (!pwcb.getPassword().equals(passwd)) {
>> > >> LOG.debug("wrong password");
>> > >> throw new IOException("wrong password");
>> > >> } else {
>> > >> *LOG.debug("I am setting the password here
>> > >>
>> > >> ::::"
>> > >>
>> > >> + passwd);*
>> > >> * pwcb.setPassword(passwd);*
>> > >> }
>> > >>
>> > >> }
>> > >>
>> > >> }
>> > >> }
>> > >>
>> > >> }
>> > >>
>> > >>
>> > >> In the traces, I can see the password value is "manager" which is
>> sent
>> > >> by client
>> > >> I am setting the password here ::::manager
>> > >>
>> > >> but I dont know why I am getting this error pwd == null but a
>> password
>> > >> is needed at pwcb.setPassword(passwd);
>> > >>
>> > >> Login authentication goes sucessful when the client provides the
>> correct
>> > >> username and password (which are "system and "manager" respectively).
>> > >> and goes unsuccessful otherwise.
>> > >>
>> > >> The full trace from the geronimo.log is attached here: (there are
>> some
>> > >> debug statement to see the traces )
>> > >>
>> > >>
>> > >>
>> > >> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing
>> > >> service with:
>> > >>
>> file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/Calculato
>> > >>rService.wsdl {http://jws.samples.geronimo.apache.org}Calculator
>> > >> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address
>> > >> property: http://localhost:8080/GerominoWeb/calculator
>> > >> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username and
>> > >> password sent by Clients are : system manager
>> > >> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE
>> > >> VALUES system and manager
>> > >> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside the
>> > >> ServerPasswordHandler
>> > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT
>> I
>> > >> GOT HERE: system and manager
>> > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]
>> Username
>> > >> set to: system
>> > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]
>> password
>> > >> set to: manager
>> > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT
>> I
>> > >> GOT HERE: system and manager
>> > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]
>> Username
>> > >> set to: system
>> > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]
>> password
>> > >> set to: manager
>> > >> *2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is
>> > >> successful*
>> > >> *2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting
>> the
>> > >> password here ::::manager*
>> > >> *2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptor
>> has
>> > >> thrown exception, unwinding now pwd == null but a password is needed*
>> > >> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
>> > >> *javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is
>> > >> needed*
>> > >> at
>> > >>
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
>> > >> at $Proxy67.add(Unknown Source)
>> > >> at CalculatorServlet.doGet(CalculatorServlet.java:42)
>> > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
>> > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>> > >> at
>> > >>
>> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
>> > >> at
>> > >>
>> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:43
>> > >>5) at
>> > >>
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java
>> > >>:118) at
>> > >>
>> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.ja
>> > >>va:179) at
>> > >>
>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.
>> > >>java:928) at
>> > >>
>> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370
>> > >>) at
>> > >>
>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.j
>> > >>ava:862) at
>> > >>
>> org.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(Geronim
>> > >>oWebAppContext.java:107) at
>> > >>
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java
>> > >>:116) at
>> > >>
>> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(Context
>> > >>HandlerCollection.java:243) at
>> > >>
>> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollect
>> > >>ion.java:126) at
>> > >>
>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.ja
>> > >>va:115) at org.eclipse.jetty.server.Server.handle(Server.java:337)
>> > >> at
>> > >>
>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.jav
>> > >>a:561) at
>> > >>
>> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(Ht
>> > >>tpConnection.java:943) at
>> > >> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530) at
>> > >> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
>> > >> at
>> > >>
>> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414)
>> > >> at
>> > >>
>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint
>> > >>.java:437) at
>> > >> org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214) at
>> > >>
>> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(Threa
>> > >>dPool.java:344) at
>> > >>
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
>> > >>r.java:886) at
>> > >>
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
>> > >>va:908) at java.lang.Thread.run(Thread.java:619)
>> > >> *Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a
>> > >> password is needed*
>> > >> at
>> > >>
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarsh
>> > >>alFault(Soap11FaultInInterceptor.java:75) at
>> > >>
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM
>> > >>essage(Soap11FaultInInterceptor.java:46) at
>> > >>
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM
>> > >>essage(Soap11FaultInInterceptor.java:35) at
>> > >>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
>> > >>hain.java:226) at
>> > >>
>> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage
>> > >>(AbstractFaultChainInitiatorObserver.java:96) at
>> > >>
>> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess
>> > >>age(CheckFaultInterceptor.java:69) at
>> > >>
>> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess
>> > >>age(CheckFaultInterceptor.java:34) at
>> > >>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
>> > >>hain.java:226) at
>> > >> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
>> > >>
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
>> > >>onseInternal(HTTPConduit.java:2102) at
>> > >>
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
>> > >>onse(HTTPConduit.java:1980) at
>> > >>
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
>> > >>Conduit.java:1905) at
>> > >>
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>> > >> at
>> > >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
>> > >> at
>> > >>
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
>> > >>nterceptor.handleMessage(MessageSenderInterceptor.java:62) at
>> > >>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
>> > >>hain.java:226) at
>> > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
>> > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
>> > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
>> > >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>> at
>> > >>
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>> > >> ... 28 more
>> > >>
>> > >>
>> > >> Can you please let me know or correct me, why this is happening?, I
>> > >> think if password is set correctly in the pwcb.setPassword(passwd);
>> > >> then client should be able to access the secure web service. I am
>> > >> getting the correct password "manager" (as seen in the logs) and
>> setting
>> > >> the same but I dont know why I am getting this fault.
>> > >>
>> > >> Second thing is, I am not sure what to do with subject?
>> > >>
>> > >> Am I missing something in the above code? Please correct me and help
>> me
>> > >> in this.
>> > >>
>> > >> Many Thanks in advance for your response.
>> > >>
>> > >> Regards,
>> > >> Rahul
>>
>> --
>> Daniel Kulp
>> dkulp@apache.org
>> http://www.dankulp.com/blog
>>
>
>
Re: [soap:Fault] pwd == null but a password is
needed
Posted by "rahul.soa" <ra...@googlemail.com>.
Many Thanks Dan for pointing to the root cause.
So does that mean server will not send the secure SOAP header in the
response? I thought initially that client will also receive the secured
response from server. May be I was wrong.
I will try it by removing the WSS4JOutInterceptor from the server side to
see if it works.
Thanks again for your help.
Best Regards,
Rahul
On Mon, Jul 27, 2009 at 5:23 PM, Daniel Kulp <dk...@apache.org> wrote:
> On Mon July 27 2009 3:42:04 am rahul.soa wrote:
> > Many Thanks David for your efforts in helping me out. That will be very
> > helpful.
>
> Well, I did the grep for you. It's coming from WSS4J, not CXF, in:
> src/org/apache/ws/security/message/token/UsernameToken.java
>
> Most likely, you DON'T want to setup the WSS4JOutInterceptor on the server
> side to have a UserNameToken. That's not normally a usual occurrence.
> (why
> would the server be sending BACK a Username?)
>
> Dan
>
>
>
> > Will it be a good idea to forward my doubt to CXF and WSS4J developers
> > community?
>
> >
> > Best Regards,
> > Rahul
> >
> > On Mon, Jul 27, 2009 at 1:35 AM, David Jencks <david_jencks@yahoo.com
> >wrote:
> > > I chatted with Rahul on IRC a bit, and it looks to me as if his code is
> > > doing what cxf and wss4j expect.
> > > I think the next step is to figure out exactly where the fault is
> coming
> > > from.
> > >
> > > I would grep the cxf and wss4j source code for "but a password is
> > > needed". If that doesn't find the source I would run geronimo in the
> > > debugger and put a breakpoint at the end of the handle(CallbackHandler
> > > handler) method and step through the code.
> > >
> > > I also wonder if the fault is from the WSS4jOutInterceptor.
> > >
> > > thanks
> > > david jencks
> > >
> > > On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:
> > >
> > > Just one amendment here in my speculation about the fault cause.
> > >
> > > I wrote this in the previous thread,
> > >
> > >
> > > "but I dont know why I am getting this error pwd == null but a password
> > > is needed at pwcb.setPassword(passwd);"
> > >
> > > Now, i dont think this fault is coming from here
> > > pwcb.setPassword(passwd);
> > >
> > > as I have tested it by removing the following code to be sure about the
> > > fault
> > >
> > > if (!pwcb.getPassword().equals(passwd)) {
> > > LOG.debug("wrong password");
> > > throw new IOException("wrong password");
> > > } else {
> > > LOG.debug("I am setting the password here ::::" +
> > > passwd);
> > > pwcb.setPassword(passwd);
> > > }
> > >
> > > from ServerPasswordHandler and I still have the same fault error in the
> > > response.
> > >
> > > Please correct me if I am wrong somewhere. I am not sure where this
> fault
> > > come from?
> > >
> > > Thank you.
> > >
> > > Best Regards,
> > > Rahul
> > >
> > > On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa
> <ra...@googlemail.com>wrote:
> > >> Hello David/Devs,
> > >>
> > >> Objective: trying to set web service security at serverside:
> > >>
> > >> I am getting an error while accessing the secured webservice. The soap
> > >> fault I am receiving is below:
> > >>
> > >> *Response:*
> > >>
> > >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> > >>
> "><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>
> > >>*pwd == null but a password is needed*
> > >> </faultstring></soap:Fault></soap:Body></soap:Envelope>
> > >> *
> > >> Request:*
> > >>
> > >> <soap:Envelope
> > >> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> "><soap:Header><wss
> > >>e:Security xmlns:wsse="
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> > >>t-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> > >>t-1.0.xsd" xmlns:wsu="
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
> > >>ty-1.0.xsd" wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse="
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> > >>t-1.0.xsd">system</wsse:Username><wsse:Password xmlns:wsse="
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> > >>t-1.0.xsd" Type="
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
> >
> >>rofile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></ws
> > >>se:Security></soap:Header><soap:Body><add
> > >> xmlns="http://jws.samples.geronimo.apache.org
> > >>
> "><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
> > >>
> > >>
> > >> How I am trying to do is,
> > >>
> > >> 1. At, server side (in the doPublish method of CXFEndpoint), I am
> > >> setting the WSS4JIn/OutInterceptor property for user token (please
> note:
> > >> this is not generic code at this moment)
> > >>
> > >> protected void doPublish(String baseAddress) {
> > >> // XXX: assume port 8080 by default since we don't know the
> > >> actual port
> > >> // at startup
> > >> String address = (baseAddress == null) ? "
> http://localhost:8080"
> > >>
> > >> : baseAddress;
> > >>
> > >> JaxWsServerFactoryBean svrFactory = new
> > >> GeronimoJaxWsServerFactoryBean();
> > >> svrFactory.setBus(bus);
> > >> svrFactory.setAddress(address + this.portInfo.getLocation());
> > >> svrFactory.setServiceFactory(serviceFactory);
> > >> svrFactory.setStart(false);
> > >> svrFactory.setServiceBean(implementor);
> > >>
> > >> if
> (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType()))
> > >> { svrFactory.setTransportId("
> > >> http://cxf.apache.org/bindings/xformat");
> > >> }
> > >>
> > >> // to receive the incoming username/password in soap request
> > >> Map inProps = new HashMap();
> > >> inProps.put(WSHandlerConstants.ACTION,
> > >> WSHandlerConstants.USERNAME_TOKEN);
> > >> inProps.put(WSHandlerConstants.PASSWORD_TYPE,
> > >> WSConstants.PW_TEXT);
> > >> inProps.put(WSHandlerConstants.USER, "system");
> > >> inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
> > >> new *ServerPasswordHandler*());
> > >>
> > >> server = svrFactory.create();
> > >> // to receive the secure header
> > >> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > >> // to send the secure soap header
> > >> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
> > >> init();
> > >>
> > >> org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();
> > >>
> > >> endpoint.getInInterceptors().add(wssIn);
> > >> endpoint.getInInterceptors().add(
> > >> new
> > >> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
> > >>
> > >> endpoint.getOutInterceptors().add(wssOut);
> > >> endpoint.getOutInterceptors().add(
> > >> new
> > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
> > >> LOG.debug("So far set the interceptor");
> > >> //
> > >>
> > >> if (getBinding() instanceof SOAPBinding
> > >> && this.portInfo.isMTOMEnabled() != null) {
> > >> ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
> > >> .isMTOMEnabled());
> > >> }
> > >>
> > >> server.start();
> > >> LOG.debug("Invoked");
> > >>
> > >> }
> > >>
> > >> I am setting up the login authentication and setting the password in
> the
> > >> Server Handler, like following:
> > >>
> > >>
> > >> public class ServerPasswordHandler implements CallbackHandler {
> > >>
> > >> private static final Logger LOG = LoggerFactory
> > >> ..getLogger(ServerPasswordHandler.class);
> > >>
> > >> public void handle(Callback[] callbacks) throws IOException,
> > >> UnsupportedCallbackException {
> > >>
> > >> for (int i = 0; i < callbacks.length; i++) {
> > >> WSPasswordCallback pwcb = (WSPasswordCallback)
> callbacks[i];
> > >> if (pwcb.getUsage() ==
> > >> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
> > >> LOG.debug("I am inside the ServerPasswordHandler");
> > >> String username = pwcb.getIdentifier();
> > >> String passwd = pwcb.getPassword();
> > >>
> > >> LoginContext context = null;
> > >> try {
> > >> // Login authentication goes here
> > >> // use the existing security realm for the moment
> > >> for testing
> > >> context = ContextManager.login("geronimo-admin",
> > >> new
> > >> UsernamePasswordCallbackHandler(username, passwd));
> > >> // ContextManager.login(realm, callbackHandler,
> > >> // configuration)
> > >> context.login();
> > >> LOG.debug("login is successful");
> > >> } catch (LoginException e) {
> > >> LOG.debug("login failed");
> > >> throw new IOException("Unable to verify " +
> username
> > >> + " and " + passwd);
> > >> }
> > >>
> > >> //TODO: what to do with subject
> > >> Subject subject = context.getSubject();
> > >> ContextManager.setCallers(subject, subject);
> > >>
> > >> if (!pwcb.getPassword().equals(passwd)) {
> > >> LOG.debug("wrong password");
> > >> throw new IOException("wrong password");
> > >> } else {
> > >> *LOG.debug("I am setting the password here
> > >>
> > >> ::::"
> > >>
> > >> + passwd);*
> > >> * pwcb.setPassword(passwd);*
> > >> }
> > >>
> > >> }
> > >>
> > >> }
> > >> }
> > >>
> > >> }
> > >>
> > >>
> > >> In the traces, I can see the password value is "manager" which is sent
> > >> by client
> > >> I am setting the password here ::::manager
> > >>
> > >> but I dont know why I am getting this error pwd == null but a password
> > >> is needed at pwcb.setPassword(passwd);
> > >>
> > >> Login authentication goes sucessful when the client provides the
> correct
> > >> username and password (which are "system and "manager" respectively).
> > >> and goes unsuccessful otherwise.
> > >>
> > >> The full trace from the geronimo.log is attached here: (there are some
> > >> debug statement to see the traces )
> > >>
> > >>
> > >>
> > >> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing
> > >> service with:
> > >>
> file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/Calculato
> > >>rService.wsdl {http://jws.samples.geronimo.apache.org}Calculator
> > >> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address
> > >> property: http://localhost:8080/GerominoWeb/calculator
> > >> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username and
> > >> password sent by Clients are : system manager
> > >> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE
> > >> VALUES system and manager
> > >> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside the
> > >> ServerPasswordHandler
> > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT I
> > >> GOT HERE: system and manager
> > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]
> Username
> > >> set to: system
> > >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler]
> password
> > >> set to: manager
> > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT I
> > >> GOT HERE: system and manager
> > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]
> Username
> > >> set to: system
> > >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler]
> password
> > >> set to: manager
> > >> *2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is
> > >> successful*
> > >> *2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting
> the
> > >> password here ::::manager*
> > >> *2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptor has
> > >> thrown exception, unwinding now pwd == null but a password is needed*
> > >> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
> > >> *javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is
> > >> needed*
> > >> at
> > >>
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> > >> at $Proxy67.add(Unknown Source)
> > >> at CalculatorServlet.doGet(CalculatorServlet.java:42)
> > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> > >> at
> > >> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
> > >> at
> > >>
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:43
> > >>5) at
> > >>
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java
> > >>:118) at
> > >>
> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.ja
> > >>va:179) at
> > >>
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.
> > >>java:928) at
> > >>
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370
> > >>) at
> > >>
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.j
> > >>ava:862) at
> > >>
> org.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(Geronim
> > >>oWebAppContext.java:107) at
> > >>
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java
> > >>:116) at
> > >>
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(Context
> > >>HandlerCollection.java:243) at
> > >>
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollect
> > >>ion.java:126) at
> > >>
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.ja
> > >>va:115) at org.eclipse.jetty.server.Server.handle(Server.java:337)
> > >> at
> > >>
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.jav
> > >>a:561) at
> > >>
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(Ht
> > >>tpConnection.java:943) at
> > >> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530) at
> > >> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
> > >> at
> > >>
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414)
> > >> at
> > >>
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint
> > >>.java:437) at
> > >> org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214) at
> > >>
> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(Threa
> > >>dPool.java:344) at
> > >>
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
> > >>r.java:886) at
> > >>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
> > >>va:908) at java.lang.Thread.run(Thread.java:619)
> > >> *Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a
> > >> password is needed*
> > >> at
> > >>
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarsh
> > >>alFault(Soap11FaultInInterceptor.java:75) at
> > >>
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM
> > >>essage(Soap11FaultInInterceptor.java:46) at
> > >>
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM
> > >>essage(Soap11FaultInInterceptor.java:35) at
> > >>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> > >>hain.java:226) at
> > >>
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage
> > >>(AbstractFaultChainInitiatorObserver.java:96) at
> > >>
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess
> > >>age(CheckFaultInterceptor.java:69) at
> > >>
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess
> > >>age(CheckFaultInterceptor.java:34) at
> > >>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> > >>hain.java:226) at
> > >> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> > >>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
> > >>onseInternal(HTTPConduit.java:2102) at
> > >>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
> > >>onse(HTTPConduit.java:1980) at
> > >>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
> > >>Conduit.java:1905) at
> > >>
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> > >> at
> > >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
> > >> at
> > >>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> > >>nterceptor.handleMessage(MessageSenderInterceptor.java:62) at
> > >>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> > >>hain.java:226) at
> > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> > >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> > >>
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> > >> ... 28 more
> > >>
> > >>
> > >> Can you please let me know or correct me, why this is happening?, I
> > >> think if password is set correctly in the pwcb.setPassword(passwd);
> > >> then client should be able to access the secure web service. I am
> > >> getting the correct password "manager" (as seen in the logs) and
> setting
> > >> the same but I dont know why I am getting this fault.
> > >>
> > >> Second thing is, I am not sure what to do with subject?
> > >>
> > >> Am I missing something in the above code? Please correct me and help
> me
> > >> in this.
> > >>
> > >> Many Thanks in advance for your response.
> > >>
> > >> Regards,
> > >> Rahul
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
Re: [soap:Fault] pwd == null but a password is needed
Posted by Daniel Kulp <dk...@apache.org>.
On Mon July 27 2009 3:42:04 am rahul.soa wrote:
> Many Thanks David for your efforts in helping me out. That will be very
> helpful.
Well, I did the grep for you. It's coming from WSS4J, not CXF, in:
src/org/apache/ws/security/message/token/UsernameToken.java
Most likely, you DON'T want to setup the WSS4JOutInterceptor on the server
side to have a UserNameToken. That's not normally a usual occurrence. (why
would the server be sending BACK a Username?)
Dan
> Will it be a good idea to forward my doubt to CXF and WSS4J developers
> community?
>
> Best Regards,
> Rahul
>
> On Mon, Jul 27, 2009 at 1:35 AM, David Jencks <da...@yahoo.com>wrote:
> > I chatted with Rahul on IRC a bit, and it looks to me as if his code is
> > doing what cxf and wss4j expect.
> > I think the next step is to figure out exactly where the fault is coming
> > from.
> >
> > I would grep the cxf and wss4j source code for "but a password is
> > needed". If that doesn't find the source I would run geronimo in the
> > debugger and put a breakpoint at the end of the handle(CallbackHandler
> > handler) method and step through the code.
> >
> > I also wonder if the fault is from the WSS4jOutInterceptor.
> >
> > thanks
> > david jencks
> >
> > On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:
> >
> > Just one amendment here in my speculation about the fault cause.
> >
> > I wrote this in the previous thread,
> >
> >
> > "but I dont know why I am getting this error pwd == null but a password
> > is needed at pwcb.setPassword(passwd);"
> >
> > Now, i dont think this fault is coming from here
> > pwcb.setPassword(passwd);
> >
> > as I have tested it by removing the following code to be sure about the
> > fault
> >
> > if (!pwcb.getPassword().equals(passwd)) {
> > LOG.debug("wrong password");
> > throw new IOException("wrong password");
> > } else {
> > LOG.debug("I am setting the password here ::::" +
> > passwd);
> > pwcb.setPassword(passwd);
> > }
> >
> > from ServerPasswordHandler and I still have the same fault error in the
> > response.
> >
> > Please correct me if I am wrong somewhere. I am not sure where this fault
> > come from?
> >
> > Thank you.
> >
> > Best Regards,
> > Rahul
> >
> > On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa
<ra...@googlemail.com>wrote:
> >> Hello David/Devs,
> >>
> >> Objective: trying to set web service security at serverside:
> >>
> >> I am getting an error while accessing the secured webservice. The soap
> >> fault I am receiving is below:
> >>
> >> *Response:*
> >>
> >> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> >> "><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>
> >>*pwd == null but a password is needed*
> >> </faultstring></soap:Fault></soap:Body></soap:Envelope>
> >> *
> >> Request:*
> >>
> >> <soap:Envelope
> >> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wss
> >>e:Security xmlns:wsse="
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd" xmlns:wsu="
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utili
> >>ty-1.0.xsd" wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse="
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd">system</wsse:Username><wsse:Password xmlns:wsse="
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> >>t-1.0.xsd" Type="
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-p
> >>rofile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></ws
> >>se:Security></soap:Header><soap:Body><add
> >> xmlns="http://jws.samples.geronimo.apache.org
> >> "><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
> >>
> >>
> >> How I am trying to do is,
> >>
> >> 1. At, server side (in the doPublish method of CXFEndpoint), I am
> >> setting the WSS4JIn/OutInterceptor property for user token (please note:
> >> this is not generic code at this moment)
> >>
> >> protected void doPublish(String baseAddress) {
> >> // XXX: assume port 8080 by default since we don't know the
> >> actual port
> >> // at startup
> >> String address = (baseAddress == null) ? "http://localhost:8080"
> >>
> >> : baseAddress;
> >>
> >> JaxWsServerFactoryBean svrFactory = new
> >> GeronimoJaxWsServerFactoryBean();
> >> svrFactory.setBus(bus);
> >> svrFactory.setAddress(address + this.portInfo.getLocation());
> >> svrFactory.setServiceFactory(serviceFactory);
> >> svrFactory.setStart(false);
> >> svrFactory.setServiceBean(implementor);
> >>
> >> if (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType()))
> >> { svrFactory.setTransportId("
> >> http://cxf.apache.org/bindings/xformat");
> >> }
> >>
> >> // to receive the incoming username/password in soap request
> >> Map inProps = new HashMap();
> >> inProps.put(WSHandlerConstants.ACTION,
> >> WSHandlerConstants.USERNAME_TOKEN);
> >> inProps.put(WSHandlerConstants.PASSWORD_TYPE,
> >> WSConstants.PW_TEXT);
> >> inProps.put(WSHandlerConstants.USER, "system");
> >> inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
> >> new *ServerPasswordHandler*());
> >>
> >> server = svrFactory.create();
> >> // to receive the secure header
> >> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> >> // to send the secure soap header
> >> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
> >> init();
> >>
> >> org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();
> >>
> >> endpoint.getInInterceptors().add(wssIn);
> >> endpoint.getInInterceptors().add(
> >> new
> >> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
> >>
> >> endpoint.getOutInterceptors().add(wssOut);
> >> endpoint.getOutInterceptors().add(
> >> new
> >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
> >> LOG.debug("So far set the interceptor");
> >> //
> >>
> >> if (getBinding() instanceof SOAPBinding
> >> && this.portInfo.isMTOMEnabled() != null) {
> >> ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
> >> .isMTOMEnabled());
> >> }
> >>
> >> server.start();
> >> LOG.debug("Invoked");
> >>
> >> }
> >>
> >> I am setting up the login authentication and setting the password in the
> >> Server Handler, like following:
> >>
> >>
> >> public class ServerPasswordHandler implements CallbackHandler {
> >>
> >> private static final Logger LOG = LoggerFactory
> >> ..getLogger(ServerPasswordHandler.class);
> >>
> >> public void handle(Callback[] callbacks) throws IOException,
> >> UnsupportedCallbackException {
> >>
> >> for (int i = 0; i < callbacks.length; i++) {
> >> WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
> >> if (pwcb.getUsage() ==
> >> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
> >> LOG.debug("I am inside the ServerPasswordHandler");
> >> String username = pwcb.getIdentifier();
> >> String passwd = pwcb.getPassword();
> >>
> >> LoginContext context = null;
> >> try {
> >> // Login authentication goes here
> >> // use the existing security realm for the moment
> >> for testing
> >> context = ContextManager.login("geronimo-admin",
> >> new
> >> UsernamePasswordCallbackHandler(username, passwd));
> >> // ContextManager.login(realm, callbackHandler,
> >> // configuration)
> >> context.login();
> >> LOG.debug("login is successful");
> >> } catch (LoginException e) {
> >> LOG.debug("login failed");
> >> throw new IOException("Unable to verify " + username
> >> + " and " + passwd);
> >> }
> >>
> >> //TODO: what to do with subject
> >> Subject subject = context.getSubject();
> >> ContextManager.setCallers(subject, subject);
> >>
> >> if (!pwcb.getPassword().equals(passwd)) {
> >> LOG.debug("wrong password");
> >> throw new IOException("wrong password");
> >> } else {
> >> *LOG.debug("I am setting the password here
> >>
> >> ::::"
> >>
> >> + passwd);*
> >> * pwcb.setPassword(passwd);*
> >> }
> >>
> >> }
> >>
> >> }
> >> }
> >>
> >> }
> >>
> >>
> >> In the traces, I can see the password value is "manager" which is sent
> >> by client
> >> I am setting the password here ::::manager
> >>
> >> but I dont know why I am getting this error pwd == null but a password
> >> is needed at pwcb.setPassword(passwd);
> >>
> >> Login authentication goes sucessful when the client provides the correct
> >> username and password (which are "system and "manager" respectively).
> >> and goes unsuccessful otherwise.
> >>
> >> The full trace from the geronimo.log is attached here: (there are some
> >> debug statement to see the traces )
> >>
> >>
> >>
> >> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing
> >> service with:
> >> file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/Calculato
> >>rService.wsdl {http://jws.samples.geronimo.apache.org}Calculator
> >> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address
> >> property: http://localhost:8080/GerominoWeb/calculator
> >> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username and
> >> password sent by Clients are : system manager
> >> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE
> >> VALUES system and manager
> >> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside the
> >> ServerPasswordHandler
> >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT I
> >> GOT HERE: system and manager
> >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] Username
> >> set to: system
> >> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] password
> >> set to: manager
> >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT I
> >> GOT HERE: system and manager
> >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] Username
> >> set to: system
> >> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] password
> >> set to: manager
> >> *2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is
> >> successful*
> >> *2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting the
> >> password here ::::manager*
> >> *2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptor has
> >> thrown exception, unwinding now pwd == null but a password is needed*
> >> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
> >> *javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is
> >> needed*
> >> at
> >> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> >> at $Proxy67.add(Unknown Source)
> >> at CalculatorServlet.doGet(CalculatorServlet.java:42)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> >> at
> >> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
> >> at
> >> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:43
> >>5) at
> >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java
> >>:118) at
> >> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.ja
> >>va:179) at
> >> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.
> >>java:928) at
> >> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370
> >>) at
> >> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.j
> >>ava:862) at
> >> org.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(Geronim
> >>oWebAppContext.java:107) at
> >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java
> >>:116) at
> >> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(Context
> >>HandlerCollection.java:243) at
> >> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollect
> >>ion.java:126) at
> >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.ja
> >>va:115) at org.eclipse.jetty.server.Server.handle(Server.java:337)
> >> at
> >> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.jav
> >>a:561) at
> >> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(Ht
> >>tpConnection.java:943) at
> >> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530) at
> >> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
> >> at
> >> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414)
> >> at
> >> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint
> >>.java:437) at
> >> org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214) at
> >> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(Threa
> >>dPool.java:344) at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
> >>r.java:886) at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
> >>va:908) at java.lang.Thread.run(Thread.java:619)
> >> *Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a
> >> password is needed*
> >> at
> >> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarsh
> >>alFault(Soap11FaultInInterceptor.java:75) at
> >> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM
> >>essage(Soap11FaultInInterceptor.java:46) at
> >> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleM
> >>essage(Soap11FaultInInterceptor.java:35) at
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >>hain.java:226) at
> >> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage
> >>(AbstractFaultChainInitiatorObserver.java:96) at
> >> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess
> >>age(CheckFaultInterceptor.java:69) at
> >> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMess
> >>age(CheckFaultInterceptor.java:34) at
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >>hain.java:226) at
> >> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
> >>onseInternal(HTTPConduit.java:2102) at
> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
> >>onse(HTTPConduit.java:1980) at
> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
> >>Conduit.java:1905) at
> >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> >> at
> >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
> >> at
> >> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> >>nterceptor.handleMessage(MessageSenderInterceptor.java:62) at
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >>hain.java:226) at
> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> >> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> >> ... 28 more
> >>
> >>
> >> Can you please let me know or correct me, why this is happening?, I
> >> think if password is set correctly in the pwcb.setPassword(passwd);
> >> then client should be able to access the secure web service. I am
> >> getting the correct password "manager" (as seen in the logs) and setting
> >> the same but I dont know why I am getting this fault.
> >>
> >> Second thing is, I am not sure what to do with subject?
> >>
> >> Am I missing something in the above code? Please correct me and help me
> >> in this.
> >>
> >> Many Thanks in advance for your response.
> >>
> >> Regards,
> >> Rahul
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: [soap:Fault] pwd == null but a password is
needed
Posted by "rahul.soa" <ra...@googlemail.com>.
Many Thanks David for your efforts in helping me out. That will be very
helpful.
Will it be a good idea to forward my doubt to CXF and WSS4J developers
community?
Best Regards,
Rahul
On Mon, Jul 27, 2009 at 1:35 AM, David Jencks <da...@yahoo.com>wrote:
> I chatted with Rahul on IRC a bit, and it looks to me as if his code is
> doing what cxf and wss4j expect.
> I think the next step is to figure out exactly where the fault is coming
> from.
>
> I would grep the cxf and wss4j source code for "but a password is needed".
> If that doesn't find the source I would run geronimo in the debugger and
> put a breakpoint at the end of the handle(CallbackHandler handler) method
> and step through the code.
>
> I also wonder if the fault is from the WSS4jOutInterceptor.
>
> thanks
> david jencks
>
> On Jul 26, 2009, at 4:20 PM, rahul.soa wrote:
>
> Just one amendment here in my speculation about the fault cause.
>
> I wrote this in the previous thread,
>
>
> "but I dont know why I am getting this error pwd == null but a password is
> needed at pwcb.setPassword(passwd);"
>
> Now, i dont think this fault is coming from here
> pwcb.setPassword(passwd);
>
> as I have tested it by removing the following code to be sure about the
> fault
>
> if (!pwcb.getPassword().equals(passwd)) {
> LOG.debug("wrong password");
> throw new IOException("wrong password");
> } else {
> LOG.debug("I am setting the password here ::::" +
> passwd);
> pwcb.setPassword(passwd);
> }
>
> from ServerPasswordHandler and I still have the same fault error in the
> response.
>
> Please correct me if I am wrong somewhere. I am not sure where this fault
> come from?
>
> Thank you.
>
> Best Regards,
> Rahul
> On Mon, Jul 27, 2009 at 12:07 AM, rahul.soa <ra...@googlemail.com>wrote:
>
>> Hello David/Devs,
>>
>> Objective: trying to set web service security at serverside:
>>
>> I am getting an error while accessing the secured webservice. The soap
>> fault I am receiving is below:
>>
>> *Response:*
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
>> "><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>*pwd
>> == null but a password is needed*
>> </faultstring></soap:Fault></soap:Body></soap:Envelope>
>> *
>> Request:*
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
>> xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> soap:mustUnderstand="1"><wsse:UsernameToken xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> wsu:Id="UsernameToken-32620541"><wsse:Username xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">system</wsse:Username><wsse:Password
>> xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> Type="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">manager</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><add
>> xmlns="http://jws.samples.geronimo.apache.org
>> "><value1>2</value1><value2>2</value2></add></soap:Body></soap:Envelope>
>>
>>
>> How I am trying to do is,
>>
>> 1. At, server side (in the doPublish method of CXFEndpoint), I am setting
>> the WSS4JIn/OutInterceptor property for user token (please note: this is not
>> generic code at this moment)
>>
>> protected void doPublish(String baseAddress) {
>> // XXX: assume port 8080 by default since we don't know the actual
>> port
>> // at startup
>> String address = (baseAddress == null) ? "http://localhost:8080"
>> : baseAddress;
>>
>> JaxWsServerFactoryBean svrFactory = new
>> GeronimoJaxWsServerFactoryBean();
>> svrFactory.setBus(bus);
>> svrFactory.setAddress(address + this.portInfo.getLocation());
>> svrFactory.setServiceFactory(serviceFactory);
>> svrFactory.setStart(false);
>> svrFactory.setServiceBean(implementor);
>>
>> if (HTTPBinding.HTTP_BINDING.equals(implInfo.getBindingType())) {
>> svrFactory.setTransportId("
>> http://cxf.apache.org/bindings/xformat");
>> }
>>
>> // to receive the incoming username/password in soap request
>> Map inProps = new HashMap();
>> inProps.put(WSHandlerConstants.ACTION,
>> WSHandlerConstants.USERNAME_TOKEN);
>> inProps.put(WSHandlerConstants.PASSWORD_TYPE,
>> WSConstants.PW_TEXT);
>> inProps.put(WSHandlerConstants.USER, "system");
>> inProps.put(WSHandlerConstants.PW_CALLBACK_REF,
>> new *ServerPasswordHandler*());
>>
>> server = svrFactory.create();
>> // to receive the secure header
>> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
>> // to send the secure soap header
>> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(inProps);
>> init();
>>
>> org.apache.cxf.endpoint.Endpoint endpoint = getEndpoint();
>>
>> endpoint.getInInterceptors().add(wssIn);
>> endpoint.getInInterceptors().add(
>> new org.apache.cxf.binding.soap.saaj.SAAJInInterceptor());
>>
>> endpoint.getOutInterceptors().add(wssOut);
>> endpoint.getOutInterceptors().add(
>> new
>> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
>> LOG.debug("So far set the interceptor");
>> //
>>
>> if (getBinding() instanceof SOAPBinding
>> && this.portInfo.isMTOMEnabled() != null) {
>> ((SOAPBinding) getBinding()).setMTOMEnabled(this.portInfo
>> .isMTOMEnabled());
>> }
>>
>> server.start();
>> LOG.debug("Invoked");
>>
>> }
>>
>> I am setting up the login authentication and setting the password in the
>> Server Handler, like following:
>>
>>
>> public class ServerPasswordHandler implements CallbackHandler {
>>
>> private static final Logger LOG = LoggerFactory
>> ..getLogger(ServerPasswordHandler.class);
>>
>> public void handle(Callback[] callbacks) throws IOException,
>> UnsupportedCallbackException {
>>
>> for (int i = 0; i < callbacks.length; i++) {
>> WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>> if (pwcb.getUsage() ==
>> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
>> LOG.debug("I am inside the ServerPasswordHandler");
>> String username = pwcb.getIdentifier();
>> String passwd = pwcb.getPassword();
>>
>> LoginContext context = null;
>> try {
>> // Login authentication goes here
>> // use the existing security realm for the moment for
>> testing
>> context = ContextManager.login("geronimo-admin",
>> new UsernamePasswordCallbackHandler(username,
>> passwd));
>> // ContextManager.login(realm, callbackHandler,
>> // configuration)
>> context.login();
>> LOG.debug("login is successful");
>> } catch (LoginException e) {
>> LOG.debug("login failed");
>> throw new IOException("Unable to verify " + username
>> + " and " + passwd);
>> }
>>
>> //TODO: what to do with subject
>> Subject subject = context.getSubject();
>> ContextManager.setCallers(subject, subject);
>>
>> if (!pwcb.getPassword().equals(passwd)) {
>> LOG.debug("wrong password");
>> throw new IOException("wrong password");
>> } else {
>> *LOG.debug("I am setting the password here
>> ::::"
>> + passwd);*
>> * pwcb.setPassword(passwd);*
>> }
>>
>> }
>>
>> }
>> }
>>
>> }
>>
>>
>> In the traces, I can see the password value is "manager" which is sent by
>> client
>> I am setting the password here ::::manager
>>
>> but I dont know why I am getting this error pwd == null but a password is
>> needed at pwcb.setPassword(passwd);
>>
>> Login authentication goes sucessful when the client provides the correct
>> username and password (which are "system and "manager" respectively). and
>> goes unsuccessful otherwise.
>>
>> The full trace from the geronimo.log is attached here: (there are some
>> debug statement to see the traces )
>>
>>
>>
>> 2009-07-27 01:26:17,809 DEBUG [JAXWSServiceReference] Initializing service
>> with:
>> file:/home/rahul/new_workspace1/GerominoWebClient/WEB-INF/wsdl/CalculatorService.wsdl
>> {http://jws.samples.geronimo.apache.org}Calculator
>> 2009-07-27 01:26:18,031 DEBUG [PortMethodInterceptor] Set address
>> property: http://localhost:8080/GerominoWeb/calculator
>> 2009-07-27 01:26:18,031 DEBUG [CXFPortMethodInterceptor] Username and
>> password sent by Clients are : system manager
>> 2009-07-27 01:26:18,126 DEBUG [CXFPasswordHandler] I HAVE SET THE
>> VALUES system and manager
>> 2009-07-27 01:26:18,142 DEBUG [ServerPasswordHandler] I am inside the
>> ServerPasswordHandler
>> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] WHAT I GOT
>> HERE: system and manager
>> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] Username
>> set to: system
>> 2009-07-27 01:26:18,143 DEBUG [UsernamePasswordCallbackHandler] password
>> set to: manager
>> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] WHAT I GOT
>> HERE: system and manager
>> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] Username
>> set to: system
>> 2009-07-27 01:26:18,144 DEBUG [UsernamePasswordCallbackHandler] password
>> set to: manager
>> *2009-07-27 01:26:18,144 DEBUG [ServerPasswordHandler] login is
>> successful*
>> *2009-07-27 01:26:18,145 DEBUG [ServerPasswordHandler] I am setting the
>> password here ::::manager*
>> *2009-07-27 01:26:18,313 INFO [PhaseInterceptorChain] Interceptor has
>> thrown exception, unwinding now pwd == null but a password is needed*
>> 2009-07-27 01:26:18,376 ERROR [log] /jaxws-calculator/calculator
>> *javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is
>> needed*
>> at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
>> at $Proxy67.add(Unknown Source)
>> at CalculatorServlet.doGet(CalculatorServlet.java:42)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>> at
>> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
>> at
>> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:435)
>> at
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:118)
>> at
>> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:179)
>> at
>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:928)
>> at
>> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370)
>> at
>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:862)
>> at
>> org.apache.geronimo.jetty7.handler.GeronimoWebAppContext.doScope(GeronimoWebAppContext.java:107)
>> at
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:116)
>> at
>> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:243)
>> at
>> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>> at
>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:115)
>> at org.eclipse.jetty.server.Server.handle(Server.java:337)
>> at
>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:561)
>> at
>> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:943)
>> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530)
>> at
>> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
>> at
>> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:414)
>> at
>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:437)
>> at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
>> at
>> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>> at java.lang.Thread.run(Thread.java:619)
>> *Caused by: org.apache.cxf.binding.soap.SoapFault: pwd == null but a
>> password is needed*
>> at
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>> at
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>> at
>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
>> at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
>> at
>> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
>> at
>> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
>> at
>> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
>> at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
>> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
>> at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102)
>> at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1980)
>> at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1905)
>> at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>> at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
>> at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
>> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>> at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>> ... 28 more
>>
>>
>> Can you please let me know or correct me, why this is happening?, I think
>> if password is set correctly in the pwcb.setPassword(passwd); then client
>> should be able to access the secure web service. I am getting the correct
>> password "manager" (as seen in the logs) and setting the same but I dont
>> know why I am getting this fault.
>>
>> Second thing is, I am not sure what to do with subject?
>>
>> Am I missing something in the above code? Please correct me and help me in
>> this.
>>
>> Many Thanks in advance for your response.
>>
>> Regards,
>> Rahul
>>
>
>
>