You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by jasminadesai <ja...@yahoo.com> on 2014/08/12 03:47:25 UTC

cxf-rt-ws-security 2.2.1 works and 2.3.11 does not with the same code

Hi,

I have a custom callbackhandler and custom userdetailsservice in my
application.

I use cxf-rt-ws-security 2.2.1

Here is snippet from my custom callbackhandler.

protected void handleWSPasswordCallback(WSPasswordCallback callback) {
        String username = callback.getIdentifer(); //For 2.3.11 this changes
to getIdentifier
        String password = callback.getPassword();
        try {
                String encPwd =
PasswordDigest.encryptAccountPassword(password);
                UsernamePasswordAuthenticationToken token = new
UsernamePasswordAuthenticationToken(username, encPwd);
                Authentication auth =
authenticationManager.authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(auth);
        } catch (Exception e) {
            throw new SecurityException("Authentication Failed.");
        }
    }

and here is a snippet from the custom userdetailsservice.

public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException, DataAccessException {
	String accountId = accountMatcher.group (1);
	Account account = serviceLocator.getAccountRepository ().lookupAccount (new
Long (accountId));

	// Grant our base authorities.
	List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority> ();
	authorities.add (new GrantedAuthorityImpl (ROLE_MERCHANT_ACCOUNT));

	UserDetails userDetails = new User (username, account.getPassword(), true,
true, true, account.isStatusActive (), authorities.toArray (new
GrantedAuthority[authorities.size ()]));

	return userDetails;
        
}

This code works perfectly fine with cxf version 2.2.1.
The moment I change the version to 2.3.11, it starts giving me "Bad
Credentials" exception.

Can someone please help me with this. If I debug the code in 2.3.11, the
UsernamePasswordAuthenticationToken password and the password is the db is
exactly the same. I still get "Bad Credentials".


Regards,
Jasmina





--
View this message in context: http://cxf.547215.n5.nabble.com/cxf-rt-ws-security-2-2-1-works-and-2-3-11-does-not-with-the-same-code-tp5747661.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: cxf-rt-ws-security 2.2.1 works and 2.3.11 does not with the same code

Posted by Colm O hEigeartaigh <co...@apache.org>.

CXF 2.2.x and 2.3.x are quite old and are no longer maintained. Could you
try updating to a more recent version of CXF?

Colm.


On Tue, Aug 12, 2014 at 2:47 AM, jasminadesai <ja...@yahoo.com>
wrote:

> Hi,
>
> I have a custom callbackhandler and custom userdetailsservice in my
> application.
>
> I use cxf-rt-ws-security 2.2.1
>
> Here is snippet from my custom callbackhandler.
>
> protected void handleWSPasswordCallback(WSPasswordCallback callback) {
>         String username = callback.getIdentifer(); //For 2.3.11 this
> changes
> to getIdentifier
>         String password = callback.getPassword();
>         try {
>                 String encPwd =
> PasswordDigest.encryptAccountPassword(password);
>                 UsernamePasswordAuthenticationToken token = new
> UsernamePasswordAuthenticationToken(username, encPwd);
>                 Authentication auth =
> authenticationManager.authenticate(token);
>                 SecurityContextHolder.getContext().setAuthentication(auth);
>         } catch (Exception e) {
>             throw new SecurityException("Authentication Failed.");
>         }
>     }
>
> and here is a snippet from the custom userdetailsservice.
>
> public UserDetails loadUserByUsername(String username) throws
> UsernameNotFoundException, DataAccessException {
>         String accountId = accountMatcher.group (1);
>         Account account = serviceLocator.getAccountRepository
> ().lookupAccount (new
> Long (accountId));
>
>         // Grant our base authorities.
>         List<GrantedAuthority> authorities = new
> ArrayList<GrantedAuthority> ();
>         authorities.add (new GrantedAuthorityImpl (ROLE_MERCHANT_ACCOUNT));
>
>         UserDetails userDetails = new User (username,
> account.getPassword(), true,
> true, true, account.isStatusActive (), authorities.toArray (new
> GrantedAuthority[authorities.size ()]));
>
>         return userDetails;
>
> }
>
> This code works perfectly fine with cxf version 2.2.1.
> The moment I change the version to 2.3.11, it starts giving me "Bad
> Credentials" exception.
>
> Can someone please help me with this. If I debug the code in 2.3.11, the
> UsernamePasswordAuthenticationToken password and the password is the db is
> exactly the same. I still get "Bad Credentials".
>
>
> Regards,
> Jasmina
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/cxf-rt-ws-security-2-2-1-works-and-2-3-11-does-not-with-the-same-code-tp5747661.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com