Posted to users@cxf.apache.org by remy2009 <re...@gmail.com> on 2009/02/03 18:02:38 UTC

USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Hello,

Reading approx. all of the cxf-user forum still cannot find answer.
Maybe missed something?
I'm trying to set up USERNAME_TOKEN + SIGNATURE in cxf 2.1.3 but cannot make
it work (also tried 2.1.2, 2.1.4 and 2.2 with same results)

Only USERNAME_TOKEN works fine. Only SIGNATURE works fine but the
combination keeps giving following exception.
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: No password callback supplied)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:398)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:247)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
        at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:283)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)
        at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:174)
        at org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:152)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:134)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:153)
        ... 22 more
Feb 3, 2009 5:40:48 PM org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose

After trying almost everything that was said on this forum and reading most
of Glen Mazza's weblogs still no luck. Found some people that seem to have
same problem but did not find conclusive answer.
There should have been a fix in wss4j 1.5.5 but after installing in cxf-2.2
(snapshot) still same error.

Has anyone got it to work?

Any ideas/help very much appreciated

Remy

-- 
View this message in context: http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p21814109.html
Sent from the cxf-user mailing list archive at Nabble.com.


Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by Daniel Kulp <dk...@apache.org>.
On Thu June 11 2009 5:42:26 am remy2009 wrote:
> Can dig up some code Dan, but unfortunately don't know how to post to a
> JIRA, never did.
> Can I use "Upload File" button for that?

Yep.   Just zip up the sample into a zip file (or tar.gz) and use the Upload 
File thing to attach it to the JIRA.

Dan



>
> Remy
>
> dkulp wrote:
> > Could one of you create a small example and post it to a JIRA?
> >
> > Thanks!
> > Dan
> >
> > On Wed June 10 2009 1:29:06 pm mhw wrote:
> >> Yes, I've been trying with 2.2.2. No luck.
> >>
> >> This is actually a showstopper for us because at the very least we need
> >> to
> >> combine username token with timestamp in order to be backwards
> >> compatible with our customers. I guess we are stuck with CXF 1.x for
> >> now.  :-(
> >
> > --
> > Daniel Kulp
> > dkulp@apache.org
> > http://www.dankulp.com/blog

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by remy2009 <re...@gmail.com>.
Can dig up some code Dan, but unfortunately don't know how to post to a JIRA,
never did.
Can I use "Upload File" button for that?

Remy




dkulp wrote:
> 
> 
> Could one of you create a small example and post it to a JIRA?
> 
> Thanks!
> Dan
> 
> 
> On Wed June 10 2009 1:29:06 pm mhw wrote:
>> Yes, I've been trying with 2.2.2. No luck.
>>
>> This is actually a showstopper for us because at the very least we need
>> to
>> combine username token with timestamp in order to be backwards compatible
>> with our customers. I guess we are stuck with CXF 1.x for now.  :-(
> 
> -- 
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
> 
> 



Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by Daniel Kulp <dk...@apache.org>.
Could one of you create a small example and post it to a JIRA?

Thanks!
Dan


On Wed June 10 2009 1:29:06 pm mhw wrote:
> Yes, I've been trying with 2.2.2. No luck.
>
> This is actually a showstopper for us because at the very least we need to
> combine username token with timestamp in order to be backwards compatible
> with our customers. I guess we are stuck with CXF 1.x for now.  :-(

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by mhw <ma...@jivesoftware.com>.
Yes, I've been trying with 2.2.2. No luck.

This is actually a showstopper for us because at the very least we need to
combine username token with timestamp in order to be backwards compatible
with our customers. I guess we are stuck with CXF 1.x for now.  :-(




RE: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by Eamonn Dwyer <EA...@progress.com>.
Hi Remy
I don't believe that the signatureParts is mandatory and if it's not set
then it defaults to signing the body. But this is based on a read of the
comments in org.apache.ws.security.handler.WSHandler.java

/*
         * If after all the parsing no Signature parts defined, set here a
         * default set. This is necessary because we add SignatureConfirmation
         * and therefore the default (Body) must be set here. The default setting
         * in WSSignEnvelope doesn't work because the vector is not empty anymore.
         */

Good luck,
Eamonn


-----Original Message-----
From: remy2009 [mailto:remy.hanswijk@gmail.com] 
Sent: 11 June 2009 12:35
To: users@cxf.apache.org
Subject: RE: USERNAME_TOKEN + SIGNATURE gives "General security error
(WSSecurityEngine: No password callback supplied)"


Thanks Eamonn,

Must give this a try in the next few days.
Have to adapt for my code though, don't use the bean stuff myself, set the
interceptors with annotations in the code. Still should be able to use your
stuff. E.g. I didn't set "signatureParts". Is this mandatory?


Remy


Eamonn Dwyer wrote:
> 
> Hi Remy
> Username, Timestamp, Signature seems to work for me using the following
> config with cxf 2.1.3.1. Maybe this config might help for comparison.
> 
> Regards,
> Eamonn
> 
> In the Client :
> 
>     <bean
>         id="SignBodyByAliceOutInterceptor"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
>         >
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="UsernameToken Timestamp Signature"/>
>                 <entry key="user" value="alice"/>
>                 <entry key="signaturePropFile" value="alice.properties"/>
>                 <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
>                 <entry
>                     key="signatureParts"
>                     value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
>                     />
>             </map>
>         </constructor-arg>
>     </bean>
> 
> 
> In the Server :
> 
>     <bean
>         id="VerifyBodySignedByAliceInInterceptor"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
>         >
>         <constructor-arg>
>             <map>
>                 <entry key="signaturePropFile" value="alice.properties"/>
>                 <entry key="action" value="UsernameToken Timestamp Signature"/>
>                 <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
>             </map>
>         </constructor-arg>
>     </bean>
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: remy2009 [mailto:remy.hanswijk@gmail.com] 
> Sent: 11 June 2009 10:36
> To: users@cxf.apache.org
> Subject: Re: USERNAME_TOKEN + SIGNATURE gives "General security error
> (WSSecurityEngine: No password callback supplied)"
> 
> 
> Hi Mark,
> 
> Tried the trick with multiple interceptors. Didn't work for me. But
> admitted, was some time ago. Wasn't too familiar with cxf yet. You might
> give it a try yourself.
> 
> Remy
> 
> 
> mhw wrote:
>> 
>> Remy,
>> 
>> I just thought of a possible solution. Instead of supplying two actions to
>> the same interceptor, maybe one could create two separate interceptors -
>> one handling the USERNAME_TOKEN, the other handling the SIGNATURE actions.
>> (or in my case, timestamp).
>> 
>> Did you ever try this?
>> 
>> --Mark
>> 
>> 
>> 
>> 
>> remy2009 wrote:
>>> 
>>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
>>> moment. This works for me at the moment but I will probably need
>>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>>> 
>>> Did you happen to try new cxf-2.2.2 version yet?
>>> 
>>> Remy
>>> 
>>> 
>> 
>> 
> 
> 
> 
> -- 
> View this message in context: http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23978179.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23979605.html
Sent from the cxf-user mailing list archive at Nabble.com.



RE: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by remy2009 <re...@gmail.com>.
Thanks Eamonn,

Must give this a try in the next few days.
Have to adapt for my code though, don't use the bean stuff myself, set the
interceptors with annotations in the code. Still should be able to use your
stuff. E.g. I didn't set "signatureParts". Is this mandatory?


Remy


Eamonn Dwyer wrote:
> 
> Hi Remy
> Username, Timestamp, Signature seems to work for me using the following
> config with cxf 2.1.3.1. Maybe this config might help for comparison.
> 
> Regards,
> Eamonn
> 
> In the Client :
> 
>     <bean
>         id="SignBodyByAliceOutInterceptor"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
>         >
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="UsernameToken Timestamp Signature"/>
>                 <entry key="user" value="alice"/>
>                 <entry key="signaturePropFile" value="alice.properties"/>
>                 <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
>                 <entry
>                     key="signatureParts"
>                     value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
>                     />
>             </map>
>         </constructor-arg>
>     </bean>
> 
> 
> In the Server :
> 
>     <bean
>         id="VerifyBodySignedByAliceInInterceptor"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
>         >
>         <constructor-arg>
>             <map>
>                 <entry key="signaturePropFile" value="alice.properties"/>
>                 <entry key="action" value="UsernameToken Timestamp Signature"/>
>                 <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
>             </map>
>         </constructor-arg>
>     </bean>
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: remy2009 [mailto:remy.hanswijk@gmail.com] 
> Sent: 11 June 2009 10:36
> To: users@cxf.apache.org
> Subject: Re: USERNAME_TOKEN + SIGNATURE gives "General security error
> (WSSecurityEngine: No password callback supplied)"
> 
> 
> Hi Mark,
> 
> Tried the trick with multiple interceptors. Didn't work for me. But
> admitted, was some time ago. Wasn't too familiar with cxf yet. You might
> give it a try yourself.
> 
> Remy
> 
> 
> mhw wrote:
>> 
>> Remy,
>> 
>> I just thought of a possible solution. Instead of supplying two actions to
>> the same interceptor, maybe one could create two separate interceptors -
>> one handling the USERNAME_TOKEN, the other handling the SIGNATURE actions.
>> (or in my case, timestamp).
>> 
>> Did you ever try this?
>> 
>> --Mark
>> 
>> 
>> 
>> 
>> remy2009 wrote:
>>> 
>>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
>>> moment. This works for me at the moment but I will probably need
>>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>>> 
>>> Did you happen to try new cxf-2.2.2 version yet?
>>> 
>>> Remy
>>> 
>>> 
>> 
>> 
> 
> 
> 
> -- 
> View this message in context: http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23978179.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 



RE: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by Eamonn Dwyer <EA...@progress.com>.
Hi Remy
Username, Timestamp, Signature seems to work for me using the following
config with cxf 2.1.3.1. Maybe this config might help for comparison.

Regards,
Eamonn

In the Client :

    <bean
        id="SignBodyByAliceOutInterceptor"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        >
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp Signature"/>
                <entry key="user" value="alice"/>
                <entry key="signaturePropFile" value="alice.properties"/>
                <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
                <entry
                    key="signatureParts"
                    value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
                    />
            </map>
        </constructor-arg>
    </bean>


In the Server :

    <bean
        id="VerifyBodySignedByAliceInInterceptor"
        class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
        >
        <constructor-arg>
            <map>
                <entry key="signaturePropFile" value="alice.properties"/>
                <entry key="action" value="UsernameToken Timestamp Signature"/>
                <entry key="passwordCallbackClass" value="com.test.common.PasswordCallbackHandler"/>
            </map>
        </constructor-arg>
    </bean>






-----Original Message-----
From: remy2009 [mailto:remy.hanswijk@gmail.com] 
Sent: 11 June 2009 10:36
To: users@cxf.apache.org
Subject: Re: USERNAME_TOKEN + SIGNATURE gives "General security error
(WSSecurityEngine: No password callback supplied)"


Hi Mark,

Tried the trick with multiple interceptors. Didn't work for me. But
admitted, was some time ago. Wasn't too familiar with cxf yet. You might
give it a try yourself.

Remy


mhw wrote:
> 
> Remy,
> 
> I just thought of a possible solution. Instead of supplying two actions to
> the same interceptor, maybe one could create two separate interceptors -
> one handling the USERNAME_TOKEN, the other handling the SIGNATURE actions.
> (or in my case, timestamp).
> 
> Did you ever try this?
> 
> --Mark
> 
> 
> 
> 
> remy2009 wrote:
>> 
>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
>> moment. This works for me at the moment but I will probably need
>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>> 
>> Did you happen to try new cxf-2.2.2 version yet?
>> 
>> Remy
>> 
>> 
> 
> 



-- 
View this message in context: http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23978179.html
Sent from the cxf-user mailing list archive at Nabble.com.
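
Added example (not code from any poster or from the CXF/WSS4J projects): the configs in this thread name a passwordCallbackClass, here com.test.common.PasswordCallbackHandler, but never show one. This is what a single handler serving both the UsernameToken and Signature actions can look like, assuming the WSS4J 1.5.x callback API used with the CXF 2.1/2.2 releases discussed; the secrets and the two maps are constructed for illustration.

```java
package com.test.common;

import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * One handler for both the UsernameToken and the Signature action,
 * referenced as "passwordCallbackClass" on the client and on the server.
 */
public class PasswordCallbackHandler implements CallbackHandler {

    // Constructed sample secrets (assumption); real code reads a protected store.
    private static final Map<String, String> TOKEN_PASSWORDS = new HashMap<String, String>();
    private static final Map<String, String> KEY_PASSWORDS = new HashMap<String, String>();
    static {
        TOKEN_PASSWORDS.put("alice", "example-token-password");
        KEY_PASSWORDS.put("alice", "example-key-password");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // WSS4J 1.5.x spells this accessor getIdentifer().
            String id = pc.getIdentifer();

            switch (pc.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN:
                // Client: the password to place in the outgoing token.
                // Server with PasswordDigest: the expected password; WSS4J
                // recomputes the digest from it and compares.
                pc.setPassword(lookup(TOKEN_PASSWORDS, id));
                break;
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Server with PasswordText: WSS4J 1.5.x hands over the received
                // password and expects the handler to reject a mismatch itself.
                if (!constantTimeEquals(lookup(TOKEN_PASSWORDS, id), pc.getPassword())) {
                    throw new IOException("UsernameToken authentication failed");
                }
                break;
            case WSPasswordCallback.SIGNATURE:
                // Client: password of the private key stored under alias "id".
                pc.setPassword(lookup(KEY_PASSWORDS, id));
                break;
            default:
                // Fail closed on usages this endpoint is not configured for.
                throw new UnsupportedCallbackException(callback,
                        "Unsupported callback usage " + pc.getUsage());
            }
        }
    }

    // Unknown identifiers are an error, never an empty or default password.
    private static String lookup(Map<String, String> store, String id) throws IOException {
        String secret = store.get(id);
        if (secret == null) {
            throw new IOException("No secret configured for this identifier");
        }
        return secret;
    }

    // Compare without short-circuiting on the first differing byte.
    private static boolean constantTimeEquals(String expected, String received)
            throws IOException {
        if (received == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes("UTF-8"), received.getBytes("UTF-8"));
    }
}
```

The USERNAME_TOKEN_UNKNOWN branch is the one to review on the server: with plain-text passwords a handler that returns without checking accepts any password.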


Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by remy2009 <re...@gmail.com>.
Hi Mark,

Tried the trick with multiple interceptors. Didn't work for me. But
admitted, was some time ago. Wasn't too familiar with cxf yet. You  might
give it a try yourself.

Remy


mhw wrote:
> 
> Remy,
> 
> I just thought of a possible solution. Instead of supplying two actions to
> the same interceptor, maybe one could create two separate interceptors -
> one handling the USERNAME_TOKEN, the other handling the SIGNATURE actions.
> (or in my case, timestamp).
> 
> Did you ever try this?
> 
> --Mark
> 
> 
> 
> 
> remy2009 wrote:
>> 
>> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
>> moment. This works for me at the moment but I will probably need
>> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
>> 
>> Did you happen to try new cxf-2.2.2 version yet?
>> 
>> Remy
>> 
>> 
> 
> 





Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by mhw <ma...@jivesoftware.com>.
Remy,

I just thought of a possible solution. Instead of supplying two actions to
the same interceptor, maybe one could create two separate interceptors - one
handling the USERNAME_TOKEN, the other handling the SIGNATURE actions. (or
in my case, timestamp).

Did you ever try this?

--Mark




remy2009 wrote:
> 
> Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
> moment. This works for me at the moment but I will probably need
> USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.
> 
> Did you happen to try new cxf-2.2.2 version yet?
> 
> Remy
> 
> 





Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by remy2009 <re...@gmail.com>.
Sorry, nothing yet. Work with custom SOAP_HEADER with SAML_TOKEN at the
moment. This works for me at the moment but I will probably need
USERNAME_TOKEN with SECURITY in the near. Still waiting for solution.

Did you happen to try new cxf-2.2.2 version yet?

Remy



mhw wrote:
> 
> Did you ever find a solution for this?
> 
> I am having the same problem when combining the USERNAME_TOKEN and TIMESTAMP
> actions. It appears that if you provide more than one action then it loses
> the passwordHandlerCallback.
> 
> In CXF 1.x we used to use three actions: USERNAME_TOKEN TIMESTAMP
> NO_SECURITY. This means that a user could easily turn off ws-security on our
> application and we would not need to redefine the interceptors.
> 
> Would love to hear if you have managed to do this.
> 
> -Mark
> 



Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by mhw <ma...@jivesoftware.com>.
Did you ever find a solution for this?

I am having the same problem when combining the USERNAME_TOKEN and TIMESTAMP
actions. It appears that if you provide more than one action then it loses
the passwordHandlerCallback.

In CXF 1.x we used to use three actions: USERNAME_TOKEN TIMESTAMP
NO_SECURITY. This means that a user could easily turn off ws-security on our
application and we would not need to redefine the interceptors.

Would love to hear if you have managed to do this.

-Mark


Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by Mayank Mishra <ma...@gmail.com>.
Hi Remy,

Your client side out configuration can look something like below:

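import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

// Actions are applied in the order listed.
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put("action", "UsernameToken Timestamp Signature");

// UsernameToken settings; the callback class supplies the password.
outProps.put("passwordType", "PasswordDigest");
outProps.put("user", "clientx509v1");
outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback");

// Signature settings; sign the Timestamp and the SOAP Body.
outProps.put("signaturePropFile", "etc/Client_Sign.properties");
outProps.put("signatureKeyIdentifier", "DirectReference");
outProps.put("signatureParts",
    "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
    + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

// bus is the CXF Bus the client runs on.
bus.getOutInterceptors().add(new SAAJOutInterceptor());
bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));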

and your Client_Sign.properties file can look like:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=clientx509v1
org.apache.ws.security.crypto.merlin.file=keystore/client-keystore.jks

and your server side can have WSS4JInInterceptor configured for inProps
accordingly.

With Regards,
Mayank


On Thu, Jun 11, 2009 at 4:39 AM, remy2009 <re...@gmail.com> wrote:

>
> That's good news Mayank.
> Have to dig-up the code myself. Can you post some snippets here so I can
> compare the code?
>
> Thanks,
>
> Remy
>
>
> Mayank Mishra-3 wrote:
> >
> > remy2009 wrote:
> >> Hello,
> >>
> >> Reading aprrox. all of the cxf-user forum still cannot find answer.
> >> Maybe missed something?
> >> I'm trying to set up USERNAME_TOKEN + SIGNATURE in cxf 2.1.3 but cannot
> >> make
> >> it work (also tried 2.1.2, 2.1.4 and 2.2 with same results)
> >>
> >>
> > I am able to run USERNAME_TOKEN + SIGNATURE in cxf 2.2.1. Can you try on
> > it?
> >
> > With Regards,
> > Mayank
> >> Only USERNAME_TOKEN works fine. Only SIGNATURE works fine but the
> >> combination keeps giving following exception.
> >> INFO: Interceptor has thrown exception, unwinding now
> >> org.apache.cxf.binding.soap.SoapFault: General security error
> >> (WSSecurityEngine: No password callback supplied)
> >>         at
> >>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:398)
> >>         at
> >>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:247)
> >>         at
> >>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
> >>         at
> >>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
> >>         at
> >>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
> >>         at
> >>
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
> >>         at
> >>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:283)
> >>         at
> >>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)
> >>         at
> >>
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:174)
> >>         at
> >>
> org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:152)
> >>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>         at
> >>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >>         at
> >>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>         at
> >>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> >>         at
> >>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> >>         at
> >>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> >>         at
> >>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> >>         at
> >>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >>         at
> >>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> >>         at
> >>
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> >>         at
> >>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> >>         at
> >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> >>         at java.lang.Thread.run(Thread.java:619)
> >> Caused by: org.apache.ws.security.WSSecurityException: General security
> >> error (WSSecurityEngine: No password callback supplied)
> >>         at
> >>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:134)
> >>         at
> >>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
> >>         at
> >>
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
> >>         at
> >>
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
> >>         at
> >>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:153)
> >>         ... 22 more
> >> Feb 3, 2009 5:40:48 PM
> >> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
> >>
> >> After trying almost everything that was said on this forum and reading
> >> most
> >> of Glan Mazza's weblogs still no luck. Found some people that seem to
> >> have
> >> same problem but did not find conclusive answer.
> >> There should have been a fix in wws4j 1.5.5. but after installing in
> >> cxf-2.2
> >> (snapshot) still same error.
> >>
> >> Has anyone got it to work?
> >>
> >> Any ideas/help very much appreciated
> >>
> >> Remy
> >>
> >>
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23978217.html
>  Sent from the cxf-user mailing list archive at Nabble.com.
>
>

Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by remy2009 <re...@gmail.com>.
That's good news Mayank.
Have to dig-up the code myself. Can you post some snippets here so I can
compare the code?

Thanks,

Remy


Mayank Mishra-3 wrote:
> 
> remy2009 wrote:
>> Hello,
>>
>> Reading aprrox. all of the cxf-user forum still cannot find answer.
>> Maybe missed something?
>> I'm trying to set up USERNAME_TOKEN + SIGNATURE in cxf 2.1.3 but cannot
>> make
>> it work (also tried 2.1.2, 2.1.4 and 2.2 with same results)
>>
>>   
> I am able to run USERNAME_TOKEN + SIGNATURE in cxf 2.2.1. Can you try on
> it?
> 
> With Regards,
> Mayank
>> Only USERNAME_TOKEN works fine. Only SIGNATURE works fine but the
>> combination keeps giving following exception.
>> INFO: Interceptor has thrown exception, unwinding now
>> org.apache.cxf.binding.soap.SoapFault: General security error
>> (WSSecurityEngine: No password callback supplied)
>>         at
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:398)
>>         at
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:247)
>>         at
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
>>         at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
>>         at
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
>>         at
>> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
>>         at
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:283)
>>         at
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)
>>         at
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:174)
>>         at
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:152)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>         at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>         at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>         at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>         at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>         at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>         at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>         at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>         at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>         at
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>         at java.lang.Thread.run(Thread.java:619)
>> Caused by: org.apache.ws.security.WSSecurityException: General security
>> error (WSSecurityEngine: No password callback supplied)
>>         at
>> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:134)
>>         at
>> org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
>>         at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>>         at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
>>         at
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:153)
>>         ... 22 more
>> Feb 3, 2009 5:40:48 PM
>> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
>>
>> After trying almost everything that was said on this forum and reading
>> most
>> of Glen Mazza's weblogs still no luck. Found some people that seem to
>> have
>> same problem but did not find conclusive answer.
>> There should have been a fix in wss4j 1.5.5. but after installing in
>> cxf-2.2
>> (snapshot) still same error.
>>
>> Has anyone got it to work?
>>
>> Any ideas/help very much appreciated
>>
>> Remy
>>
>>   
> 
> 
> 



Re: USERNAME_TOKEN + SIGNATURE gives "General security error (WSSecurityEngine: No password callback supplied)"

Posted by Mayank Mishra <ma...@gmail.com>.
remy2009 wrote:
> Hello,
>
> Reading approx. all of the cxf-user forum still cannot find answer.
> Maybe missed something?
> I'm trying to set up USERNAME_TOKEN + SIGNATURE in cxf 2.1.3 but cannot make
> it work (also tried 2.1.2, 2.1.4 and 2.2 with same results)
>
>   
I am able to run USERNAME_TOKEN + SIGNATURE in cxf 2.2.1. Can you try on it?

With Regards,
Mayank
> Only USERNAME_TOKEN works fine. Only SIGNATURE works fine but the
> combination keeps giving following exception.
> INFO: Interceptor has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: General security error
> (WSSecurityEngine: No password callback supplied)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:398)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:247)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
>         at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
>         at
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
>         at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:283)
>         at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)
>         at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:174)
>         at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:152)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>         at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>         at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>         at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>         at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>         at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>         at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.ws.security.WSSecurityException: General security
> error (WSSecurityEngine: No password callback supplied)
>         at
> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:134)
>         at
> org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
>         at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>         at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:153)
>         ... 22 more
> Feb 3, 2009 5:40:48 PM
> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
>
> After trying almost everything that was said on this forum and reading most
> of Glen Mazza's weblogs still no luck. Found some people that seem to have
> same problem but did not find conclusive answer.
> There should have been a fix in wss4j 1.5.5. but after installing in cxf-2.2
> (snapshot) still same error.
>
> Has anyone got it to work?
>
> Any ideas/help very much appreciated
>
> Remy
>
>
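
For comparison, a server-side inbound setup that requests both actions and registers a password callback. This is an added example, not code posted by either participant, and the thread does not establish that it avoids the exception on 2.1.x. It assumes the WSS4J 1.5.x API used by the CXF releases named above; the class names, the sample user and `server_sign.properties` are hypothetical.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

public class InboundSecurityConfig {
    // Constructed sample store; a real service would query its user database.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static { USERS.put("alice", "constructed-sample-password"); }

    /** Hypothetical handler; WSS4J loads it by class name (needs a public no-arg constructor). */
    public static class ServerPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb, "unexpected callback type");
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                String stored = USERS.get(pc.getIdentifer()); // getter is spelled this way in WSS4J 1.5.x
                if (stored == null) {
                    throw new IOException("unknown user");
                }
                if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                    // Plaintext token: the handler itself must compare and reject.
                    String sent = pc.getPassword() == null ? "" : pc.getPassword();
                    if (!MessageDigest.isEqual(stored.getBytes("UTF-8"), sent.getBytes("UTF-8"))) {
                        throw new IOException("wrong password");
                    }
                } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                    pc.setPassword(stored); // digest token: WSS4J recomputes and compares the digest
                } else {
                    throw new UnsupportedCallbackException(cb, "unsupported usage");
                }
            }
        }
    }

    /** Builds the inbound interceptor; add it to the endpoint's getInInterceptors(). */
    public static WSS4JInInterceptor build() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.SIGNATURE);
        props.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
        props.put(WSHandlerConstants.SIG_PROP_FILE, "server_sign.properties"); // hypothetical file
        return new WSS4JInInterceptor(props);
    }
}
```

The stack trace above is thrown from `UsernameTokenProcessor.handleUsernameToken`, so when comparing configurations the first thing to check is whether the callback property is on the same inbound interceptor that lists the `UsernameToken` action.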