Posted to users@cxf.apache.org by pj23 <pa...@gmail.com> on 2011/09/22 21:05:59 UTC

UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Hi, I was doing pretty well with setting up a contract-first set of web
services using CXF until I started adding in the WSS4J piece.

I'm trying to debug sending a password and login in the SOAP header to a CXF
service. I am getting null when I call getPassword() in the
WSPasswordCallback class.  I can see from the SOAP envelope that a password
was sent.

This post,
http://old.nabble.com/PasswordDigest-and-PasswordText-difference-td24475866.html,
from 2009, made me wonder if I am missing (need to create) a
UsernameTokenHandler.  

And if that is true, can someone point me to how I would configure it in the
Spring/CXF bean XML file?

Any advice or suggestions would be appreciated.


http://cxf.547215.n5.nabble.com/file/n4831197/incoming_soap_msg.xml
incoming_soap_msg.xml 

http://cxf.547215.n5.nabble.com/file/n4831197/beans.xml beans.xml  (just in
case my configuration is incomplete)

http://cxf.547215.n5.nabble.com/file/n4831197/ServicePWCallback.java
ServicePWCallback.java  (shows the call)

--
View this message in context: http://cxf.547215.n5.nabble.com/UsernameTokenHandler-required-or-Help-with-WSS4J-CallbackHandler-tp4831197p4831197.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by "Penmatsa, Vinay" <vi...@sap.com>.
If you want to customize the validation, you can extend the UsernameTokenValidator and ask WSS4JInInterceptor to use your validator.

// props: the existing Map<String, Object> of WSS4J settings for the interceptor
// Map the UsernameToken element to the custom validator
Map<QName, Validator> validatorMap = new HashMap<QName, Validator>();
validatorMap.put(WSSecurityEngine.USERNAME_TOKEN, new MyUsernameTokenValidator());
props.put(WSS4JInInterceptor.VALIDATOR_MAP, validatorMap);
WSS4JInInterceptor unTokenInterceptor = new WSS4JInInterceptor(props);

-Vinay

-----Original Message-----
From: Penmatsa, Vinay [mailto:vinay.penmatsa@sap.com] 
Sent: Thursday, September 22, 2011 5:37 PM
To: users@cxf.apache.org
Subject: RE: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Hi,
Which version of CXF are you using? I think there have been some changes in usage of the callback handler:
http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html
Now, you need to set the password on the callback handler and the UsernameTokenValidator does the verification. 

-Vinay



RE: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by "Penmatsa, Vinay" <vi...@sap.com>.
Hi,
Which version of CXF are you using? I think there have been some changes in usage of the callback handler:
http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html
Now, you need to set the password on the callback handler and the UsernameTokenValidator does the verification. 

-Vinay



RE: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by Oliver Wulff <ow...@talend.com>.
That's right.

It works fine as long as you have access to the password. If you manage the users in an LDAP system, it is more difficult. This will be addressed by the JAASUsernameTokenValidator - without programming.

________________________________________
From: pj23 [pamh09@gmail.com]
Sent: Friday, 23 September 2011 17:09
To: users@cxf.apache.org
Subject: Re: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

typo in String.


Re: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by pj23 <pa...@gmail.com>.
typo in String.


Re: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by pj23 <pa...@gmail.com>.
Another typo!  It should be pc.setPassword(password); not
pc.getPassword(password);


Re: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by pj23 <pa...@gmail.com>.
Thanks for all your help.  I have made progress on this.  I am using CXF
2.4.2 and WSS4J 1.6.2.  The framework now takes care of checking the
password for you.  So the correct inside section is

                if (callbacks[i] instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    String login = pc.getIdentifier();
                    // Look up the expected password for this login
                    String password = getPassword(login);
                    // Hand it to the framework, which does the comparison
                    pc.setPassword(password);
                    //...
                }

Instead of retrieving the password from the SOAP header to compare against
the expected value, you look up the expected value and pass it to the
framework to do the comparison.


RE: UsernameTokenHandler required? or Help with WSS4J CallbackHandler

Posted by Oliver Wulff <ow...@talend.com>.
The UsernameTokenValidator expects that the callback handler sets the password in the WSPasswordCallback. The password is then compared by the UsernameTokenValidator itself.

Maybe the following WSS4J validator is of interest to you because it supports JAAS to validate username/password. You can either write your own login module or use, for example, the standard LdapLoginModule shipped as part of the JDK.
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/JAASUsernameTokenValidator.java?view=log

This will be part of CXF 2.4.3 which should be released soon.

Thanks
Oli
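
An added example, not code from this thread or from the CXF/WSS4J projects: a custom validator of the kind Vinay describes, for the case Oliver raises where the service cannot read the stored password back. The class name, the Record type and the PBKDF2 storage scheme are assumptions, and it is written against the WSS4J 1.6.x UsernameTokenValidator API (its verifyPlaintextPassword hook).

```java
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

// Hypothetical validator: checks a PasswordText token against salted PBKDF2 hashes,
// so no cleartext password has to be handed to a CallbackHandler.
public class HashedStoreUsernameTokenValidator extends UsernameTokenValidator {
    // Hypothetical stored record; a real service would load this from its user store.
    public static final class Record {
        final byte[] salt, hash;
        final int iterations;
        public Record(byte[] salt, byte[] hash, int iterations) {
            this.salt = salt; this.hash = hash; this.iterations = iterations;
        }
    }

    private final Map<String, Record> users;

    public HashedStoreUsernameTokenValidator(Map<String, Record> users) {
        this.users = users;
    }

    // Invoked by UsernameTokenValidator.validate() for PasswordText tokens.
    @Override
    protected void verifyPlaintextPassword(UsernameToken token, RequestData data)
            throws WSSecurityException {
        Record rec = users.get(token.getName());
        String sent = token.getPassword();
        // Same failure for unknown user, missing password and wrong password.
        if (rec == null || sent == null || !matches(sent.toCharArray(), rec)) {
            throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
        }
    }

    static boolean matches(char[] password, Record rec) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, rec.salt, rec.iterations, rec.hash.length * 8);
            byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(derived, rec.hash); // avoids early-exit comparison
        } catch (Exception e) {
            return false; // fail closed on any crypto or input error
        }
    }
}
```

Register it in the validator map under WSSecurityEngine.USERNAME_TOKEN. PasswordDigest tokens cannot be checked this way, because recomputing the digest needs the cleartext password, so a hashed store implies PasswordText sent over TLS.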