You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Jason Wang <ja...@gmail.com> on 2013/11/22 08:33:30 UTC
Custom UsernamTokenValidator no longer invoked from 2.7
Hi all,
After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer
UsernameTokenValidator is no longer invoked.
Anyone know why? Another compatibility issue?
It is configured through applicationContext:
<cxf:bus>
.....
<cxf:properties>
<entry key="ws-security.ut.validator"
value-ref="serviceUsernameTokenValidator" />
<entry key="ws-security.callback-handler"
value-ref="servicePasswordCallbackHandler"/>
<entry key="ws-security.signature.properties"
value="serviceKeystore.properties"/>
<entry key="ws-security.timestamp.validator"
value="org.apache.ws.security.validate.NoOpValidator" />
<entry key="ws-security.enable.nonce.cache" value="false" />
<entry key="ws-security.enable.timestamp.cache" value="false" />
<entry key="timeToLive" value="1147483"/>
<entry key="futureTimeToLive" value="1147483"/>
<entry key="timestampStrict" value="false"/>
<entry key="ws-security.is-bsp-compliant" value="false"/>
</cxf:properties>
</cxf:bus>
Thanks,
Jason
Re: Custom UsernamTokenValidator no longer invoked from 2.7
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Jason,
It looks like a bug that has been introduced. As far as I'm aware, there
were no changes in the security-specific code relating to this, and we have
many tests in CXF for custom UsernameTokenValidators.
Could you submit a test-case to a new JIRA?
Colm.
On Fri, Nov 22, 2013 at 7:42 AM, Jason Wang <ja...@gmail.com>wrote:
> Oh, forgot to say that the serviceUsernameTokenValidator is managed by
> spring via @Component configuration. No code or config change at all.
>
>
> On Fri, Nov 22, 2013 at 8:33 PM, Jason Wang <jason.lei.wang@gmail.com
> >wrote:
>
> > Hi all,
> >
> > After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer
> > UsernameTokenValidator is no longer invoked.
> >
> > Anyone know why? Another compatibility issue?
> >
> > It is configured through applicationContext:
> >
> > <cxf:bus>
> > .....
> >
> > <cxf:properties>
> > <entry key="ws-security.ut.validator"
> > value-ref="serviceUsernameTokenValidator" />
> >
> > <entry key="ws-security.callback-handler"
> > value-ref="servicePasswordCallbackHandler"/>
> > <entry key="ws-security.signature.properties"
> > value="serviceKeystore.properties"/>
> > <entry key="ws-security.timestamp.validator"
> > value="org.apache.ws.security.validate.NoOpValidator" />
> > <entry key="ws-security.enable.nonce.cache" value="false" />
> > <entry key="ws-security.enable.timestamp.cache" value="false"
> > />
> > <entry key="timeToLive" value="1147483"/>
> > <entry key="futureTimeToLive" value="1147483"/>
> > <entry key="timestampStrict" value="false"/>
> >
> > <entry key="ws-security.is-bsp-compliant" value="false"/>
> > </cxf:properties>
> > </cxf:bus>
> >
> > Thanks,
> > Jason
> >
> >
> >
> >
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Custom UsernamTokenValidator no longer invoked from 2.7
Posted by Jason Wang <ja...@gmail.com>.
Oh, forgot to say that the serviceUsernameTokenValidator is managed by
spring via @Component configuration. No code or config change at all.
On Fri, Nov 22, 2013 at 8:33 PM, Jason Wang <ja...@gmail.com>wrote:
> Hi all,
>
> After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer
> UsernameTokenValidator is no longer invoked.
>
> Anyone know why? Another compatibility issue?
>
> It is configured through applicationContext:
>
> <cxf:bus>
> .....
>
> <cxf:properties>
> <entry key="ws-security.ut.validator"
> value-ref="serviceUsernameTokenValidator" />
>
> <entry key="ws-security.callback-handler"
> value-ref="servicePasswordCallbackHandler"/>
> <entry key="ws-security.signature.properties"
> value="serviceKeystore.properties"/>
> <entry key="ws-security.timestamp.validator"
> value="org.apache.ws.security.validate.NoOpValidator" />
> <entry key="ws-security.enable.nonce.cache" value="false" />
> <entry key="ws-security.enable.timestamp.cache" value="false"
> />
> <entry key="timeToLive" value="1147483"/>
> <entry key="futureTimeToLive" value="1147483"/>
> <entry key="timestampStrict" value="false"/>
>
> <entry key="ws-security.is-bsp-compliant" value="false"/>
> </cxf:properties>
> </cxf:bus>
>
> Thanks,
> Jason
>
>
>
>