You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Dennis Sosnoski <dm...@sosnoski.com> on 2010/08/12 14:14:18 UTC

Username token with HashPassword

I'm trying to use a UsernameToken security configuration with
HashPassword. The CXF client generates a token that looks good on the
wire, but the server returns a fault "The security token could not be
authenticated or authorized". The same client and server code works with
plain text password.

Is anyone using HashPassword successfully? Figured I'd check before I
spend too much time on investigating what's going wrong. Thanks,

  - Dennis

-- 
Dennis M. Sosnoski
XML and Web Services in Java
Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117

Re: Username token with HashPassword

Posted by Sergey Beryozkin <sb...@gmail.com>.

On Thu, Aug 12, 2010 at 1:14 PM, Dennis Sosnoski <dm...@sosnoski.com> wrote:

> I'm trying to use a UsernameToken security configuration with
> HashPassword. The CXF client generates a token that looks good on the
> wire, but the server returns a fault "The security token could not be
> authenticated or authorized". The same client and server code works with
> plain text password.
>
> Is anyone using HashPassword successfully? Figured I'd check before I
> spend too much time on investigating what's going wrong. Thanks,
>

I did, but I had to extend and override
AbstractUsernameTokenAuthenticatingInterceptor;

actually, there's even a test on the trunk, a wsdl-first case with a
ws-policy expression (UsernameTokenInterceptor is extended in this case) :

http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java

http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssec10/WsSecurity10_12_policy_restricted_hashed.wsdl

cheers, Sergey



>
>  - Dennis
>
> --
> Dennis M. Sosnoski
> XML and Web Services in Java
> Training and Consulting
> http://www.sosnoski.com - http://www.sosnoski.co.nz
> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
>
>