You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by patch_78 <pa...@hotmail.com> on 2013/06/03 12:25:33 UTC

ws-security.saml-callback-handler not invoked

Hi,

I would like to implement custom SAML callback handler that inserts SAML2
assertion into SOAP header. But my custom SAML callback handler class is not
invoked. Here is my applicationContext.xml

        <jaxws:client id="HelloServiceClient"
serviceName="svc:GreeterService"
		xmlns:svc="http://apache.org/hello_world_soap_http"
		serviceClass="org.apache.hello_world_soap_http.Greeter"
		address="http://localhost:10080/service/GreeterService"
		wsdlLocation="WEB-INF/wsdl/hello_world.wsdl">
		<jaxws:properties>
			<entry key="ws-security.saml-callback-handler"
value="com.example.SamlCallbackHandler" />
			
		</jaxws:properties>
	</jaxws:client>

Any suggestions?

Thanks,
patch



--
View this message in context: http://cxf.547215.n5.nabble.com/ws-security-saml-callback-handler-not-invoked-tp5728636.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: ws-security.saml-callback-handler not invoked

Posted by Colm O hEigeartaigh <co...@apache.org>.

It looks like you are using an "IssuedToken" policy, which is not what you
want. IssuedToken creates a request to a SecurityTokenService to issue a
particular token. Instead, try one of the simpler SamlToken policies in
that wsdl.

Colm.


On Wed, Jun 5, 2013 at 10:39 AM, patch_78 <pa...@hotmail.com> wrote:

> Hi Colm,
>
> I use the wsdl from
>
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/
> in my project.
>
> When the client calls the service, it also calls STSClient and gets error
> from NoClassDefFoundError below. I don't think in the test
> (http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/),
> STSClient is called. Do you have any ideas why my client behaves
> differently
> from the test?
>
> java.lang.NoClassDefFoundError: org/apache/cxf/ws/mex/MetadataExchange
>         at
>
> org.apache.cxf.ws.security.trust.AbstractSTSClient.configureViaEPR(AbstractSTSClient.java:482)
>         at
> org.apache.cxf.ws.security.trust.STSUtils.getClient(STSUtils.java:110)
>         at
>
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:413)
>         at
>
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:149)
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>         at sun.proxy.$Proxy25.doubleIt(Unknown Source)
>         at client.WSClient.doubleIt(WSClient.java:27)
>         at client.WSClient.main(WSClient.java:20)
>
> patch.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/ws-security-saml-callback-handler-not-invoked-tp5728636p5728777.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: ws-security.saml-callback-handler not invoked

Posted by patch_78 <pa...@hotmail.com>.

Hi Colm,

I use the wsdl from 
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/
in my project. 

When the client calls the service, it also calls STSClient and gets error
from NoClassDefFoundError below. I don't think in the test
(http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/),
STSClient is called. Do you have any ideas why my client behaves differently
from the test?

java.lang.NoClassDefFoundError: org/apache/cxf/ws/mex/MetadataExchange
	at
org.apache.cxf.ws.security.trust.AbstractSTSClient.configureViaEPR(AbstractSTSClient.java:482)
	at org.apache.cxf.ws.security.trust.STSUtils.getClient(STSUtils.java:110)
	at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:413)
	at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:149)
	at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
	at sun.proxy.$Proxy25.doubleIt(Unknown Source)
	at client.WSClient.doubleIt(WSClient.java:27)
	at client.WSClient.main(WSClient.java:20)

patch.



--
View this message in context: http://cxf.547215.n5.nabble.com/ws-security-saml-callback-handler-not-invoked-tp5728636p5728777.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: ws-security.saml-callback-handler not invoked

Posted by Colm O hEigeartaigh <co...@apache.org>.

To actually include the SAML Token in the security header, you need to also
have either a SecurityPolicy that references a SamlToken policy, or else
set up WSS4J using the older "Action" based approach. For an example of the
policy case, please take a look at the SAML test data here:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/

Colm.




On Mon, Jun 3, 2013 at 11:25 AM, patch_78 <pa...@hotmail.com> wrote:

> Hi,
>
> I would like to implement custom SAML callback handler that inserts SAML2
> assertion into SOAP header. But my custom SAML callback handler class is
> not
> invoked. Here is my applicationContext.xml
>
>         <jaxws:client id="HelloServiceClient"
> serviceName="svc:GreeterService"
>                 xmlns:svc="http://apache.org/hello_world_soap_http"
>                 serviceClass="org.apache.hello_world_soap_http.Greeter"
>                 address="http://localhost:10080/service/GreeterService"
>                 wsdlLocation="WEB-INF/wsdl/hello_world.wsdl">
>                 <jaxws:properties>
>                         <entry key="ws-security.saml-callback-handler"
> value="com.example.SamlCallbackHandler" />
>
>                 </jaxws:properties>
>         </jaxws:client>
>
> Any suggestions?
>
> Thanks,
> patch
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/ws-security-saml-callback-handler-not-invoked-tp5728636.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com