You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Jason Wang <ja...@gmail.com> on 2013/11/22 08:33:30 UTC

Custom UsernamTokenValidator no longer invoked from 2.7

Hi all,

After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer
UsernameTokenValidator is no longer invoked.

Anyone know why? Another compatibility issue?

It is configured through applicationContext:

<cxf:bus>
      .....

<cxf:properties>
            <entry key="ws-security.ut.validator"
value-ref="serviceUsernameTokenValidator" />

            <entry key="ws-security.callback-handler"
value-ref="servicePasswordCallbackHandler"/>
            <entry key="ws-security.signature.properties"
value="serviceKeystore.properties"/>
            <entry key="ws-security.timestamp.validator"
value="org.apache.ws.security.validate.NoOpValidator" />
            <entry key="ws-security.enable.nonce.cache" value="false" />
            <entry key="ws-security.enable.timestamp.cache" value="false" />
            <entry key="timeToLive" value="1147483"/>
            <entry key="futureTimeToLive" value="1147483"/>
            <entry key="timestampStrict" value="false"/>

            <entry key="ws-security.is-bsp-compliant" value="false"/>
</cxf:properties>
</cxf:bus>

Thanks,
Jason

Re: Custom UsernamTokenValidator no longer invoked from 2.7

Posted by Colm O hEigeartaigh <co...@apache.org>.

Hi Jason,

It looks like a bug that has been introduced. As far as I'm aware, there
were no changes in the security-specific code relating to this, and we have
many tests in CXF for custom UsernameTokenValidators.

Could you submit a test-case to a new JIRA?

Colm.


On Fri, Nov 22, 2013 at 7:42 AM, Jason Wang <ja...@gmail.com>wrote:

> Oh, forgot to say that the serviceUsernameTokenValidator is managed by
> spring via @Component configuration. No code or config change at all.
>
>
> On Fri, Nov 22, 2013 at 8:33 PM, Jason Wang <jason.lei.wang@gmail.com
> >wrote:
>
> > Hi all,
> >
> > After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer
> > UsernameTokenValidator is no longer invoked.
> >
> > Anyone know why? Another compatibility issue?
> >
> > It is configured through applicationContext:
> >
> > <cxf:bus>
> >       .....
> >
> > <cxf:properties>
> >             <entry key="ws-security.ut.validator"
> > value-ref="serviceUsernameTokenValidator" />
> >
> >             <entry key="ws-security.callback-handler"
> > value-ref="servicePasswordCallbackHandler"/>
> >             <entry key="ws-security.signature.properties"
> > value="serviceKeystore.properties"/>
> >             <entry key="ws-security.timestamp.validator"
> > value="org.apache.ws.security.validate.NoOpValidator" />
> >             <entry key="ws-security.enable.nonce.cache" value="false" />
> >             <entry key="ws-security.enable.timestamp.cache" value="false"
> > />
> >             <entry key="timeToLive" value="1147483"/>
> >             <entry key="futureTimeToLive" value="1147483"/>
> >             <entry key="timestampStrict" value="false"/>
> >
> >             <entry key="ws-security.is-bsp-compliant" value="false"/>
> > </cxf:properties>
> >  </cxf:bus>
> >
> > Thanks,
> > Jason
> >
> >
> >
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Custom UsernamTokenValidator no longer invoked from 2.7

Posted by Jason Wang <ja...@gmail.com>.

Oh, forgot to say that the serviceUsernameTokenValidator is managed by
spring via @Component configuration. No code or config change at all.


On Fri, Nov 22, 2013 at 8:33 PM, Jason Wang <ja...@gmail.com>wrote:

> Hi all,
>
> After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer
> UsernameTokenValidator is no longer invoked.
>
> Anyone know why? Another compatibility issue?
>
> It is configured through applicationContext:
>
> <cxf:bus>
>       .....
>
> <cxf:properties>
>             <entry key="ws-security.ut.validator"
> value-ref="serviceUsernameTokenValidator" />
>
>             <entry key="ws-security.callback-handler"
> value-ref="servicePasswordCallbackHandler"/>
>             <entry key="ws-security.signature.properties"
> value="serviceKeystore.properties"/>
>             <entry key="ws-security.timestamp.validator"
> value="org.apache.ws.security.validate.NoOpValidator" />
>             <entry key="ws-security.enable.nonce.cache" value="false" />
>             <entry key="ws-security.enable.timestamp.cache" value="false"
> />
>             <entry key="timeToLive" value="1147483"/>
>             <entry key="futureTimeToLive" value="1147483"/>
>             <entry key="timestampStrict" value="false"/>
>
>             <entry key="ws-security.is-bsp-compliant" value="false"/>
> </cxf:properties>
>  </cxf:bus>
>
> Thanks,
> Jason
>
>
>
>