You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Arnold Schrijver <as...@adnovate.com> on 2010/05/11 15:42:41 UTC
Bad UsernameToken Values due to .NET compliance problem - how to
solve?
I encountered the same problem as described in this post:
http://old.nabble.com/An-invalid-security-token-was-provided-%28Bad-UsernameToken-Values%29-ts27429163.html#a27429163
An invalid security token was provided (Bad UsernameToken Values)
In the thread posts Daniel Kulp mentions configuring the WSSConfig object,
but said also that that was not yet available in a release.
The code line below should do the trick according to Daniel:
WSSConfig.getDefaultWSConfig().setAllowNamespaceQualifiedPasswordTypes(true);
User huidong at the end of the thread mentions modifying the spring
configuration file, by specifying arguments to the WSS4JInInterceptor
constructor and modifying the WSS4JInInterceptor class.
My questions:
Which is the best/prefered approach?
Can you provide an example of how to go about modifying the
WSS4JInInterceptor, if that is what's required?
--
View this message in context: http://old.nabble.com/Bad-UsernameToken-Values-due-to-.NET-compliance-problem---how-to-solve--tp28524226p28524226.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Bad UsernameToken Values due to .NET compliance problem - how
to solve?
Posted by Arnold Schrijver <as...@adnovate.com>.
Solved the problem in the following way:
Created an interceptor class that derives from AbstractPhaseInterceptor
Specified in the constructor that is should apply to pre-protocol phase
(Phase.PRE_PROTOCOL)
In handleMessage specified the line of code suggested by Daniel Kulp:
WSSConfig.getDefaultWSConfig().setAllowNamespaceQualifiedPasswordTypes(true);
Added an <cxf:bus> section to cxf-servlet.xml configuration file
Added an <cxf:inInterceptors> section within <cxf:bus>
Added first the AbstractPhaseInterceptor derived class to this section
Followed by the org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
Added the appropriate constructor-args to WSS4JInInterceptor:
action="UsernameToken", passwordType="PasswordText",
passwordCallbackClass="..."
And it works!
--
View this message in context: http://old.nabble.com/Bad-UsernameToken-Values-due-to-.NET-compliance-problem---how-to-solve--tp28524226p28534777.html
Sent from the cxf-user mailing list archive at Nabble.com.