You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Dennis Sosnoski <dm...@sosnoski.com> on 2010/08/12 14:14:18 UTC
Username token with HashPassword
I'm trying to use a UsernameToken security configuration with
HashPassword. The CXF client generates a token that looks good on the
wire, but the server returns a fault "The security token could not be
authenticated or authorized". The same client and server code works with
plain text password.
Is anyone using HashPassword successfully? Figured I'd check before I
spend too much time on investigating what's going wrong. Thanks,
- Dennis
--
Dennis M. Sosnoski
XML and Web Services in Java
Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
Re: Username token with HashPassword
Posted by Sergey Beryozkin <sb...@gmail.com>.
On Thu, Aug 12, 2010 at 1:14 PM, Dennis Sosnoski <dm...@sosnoski.com> wrote:
> I'm trying to use a UsernameToken security configuration with
> HashPassword. The CXF client generates a token that looks good on the
> wire, but the server returns a fault "The security token could not be
> authenticated or authorized". The same client and server code works with
> plain text password.
>
> Is anyone using HashPassword successfully? Figured I'd check before I
> spend too much time on investigating what's going wrong. Thanks,
>
I did, but I had to extend and override
AbstractUsernameTokenAuthenticatingInterceptor;
actually, there's even a test on the trunk, a wsdl-first case with a
ws-policy expression (UsernameTokenInterceptor is extended in this case) :
http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/server_restricted_authorized.xml
http://svn.apache.org/repos/asf/cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssec10/WsSecurity10_12_policy_restricted_hashed.wsdl
cheers, Sergey
>
> - Dennis
>
> --
> Dennis M. Sosnoski
> XML and Web Services in Java
> Training and Consulting
> http://www.sosnoski.com - http://www.sosnoski.co.nz
> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
>
>