CXF3 Server-side security validation problems

Thu, 18 Dec 2014 05:14:38 -0800 

Ask an expert a question, please comment*I'm using CXF3.0.1, WS-context.XML
on the server side configuration is as follows:*<?xml version="1.0"
encoding="UTF-8"?>                                                              
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                        
*Server-side callback class:*import java.io.IOException;import
javax.security.auth.callback.Callback;import
javax.security.auth.callback.CallbackHandler;import
javax.security.auth.callback.UnsupportedCallbackException;import
org.apache.cxf.interceptor.Fault;import
org.apache.wss4j.common.ext.WSPasswordCallback;import
org.apache.xmlbeans.impl.soap.SOAPException;public class WsAuthHandler
implements CallbackHandler {    public void handle(Callback[] callbacks) throws
IOException,                    UnsupportedCallbackException {                  
        String ws_pwd = "test"; 
String ws_user = "test";                                for (int i = 0; i < 
callbacks.length; i++) {            
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];                      
String
identifier = pc.getIdentifier();                        String pwd = 
pc.getPassword();                  int
usage = pc.getUsage();                                          
if(ws_user.equals(identifier)){                         if (usage ==
WSPasswordCallback.USERNAME_TOKEN) {                                    
pc.setPassword(ws_pwd);                         } else
if (usage == WSPasswordCallback.SIGNATURE) {                                    
pc.setPassword(ws_pwd);                 
}                                                       }                       
                }       }}*Server-side service class as follows*public class
TestServer {            TestServer(String args){                        
Iproviderconnector ews = new
iproviderconnectorSOAPImpl();                           JaxWsServerFactoryBean 
factory = new
JaxWsServerFactoryBean();                       
factory.setServiceClass(Iproviderconnector.class);              
factory.setAddress("http://localhost:9000/Iproviderconnector";);         
factory.setServiceBean(ews);                    factory.create();               
}                                               public static void
main(String[] args)throws InterruptedException{                                 
                                new
TestServer("Iproviderconnector");                       
System.out.println("Server ready...");          
Thread.sleep(1000*60);                          System.out.println("Server 
exit...");           
System.exit(0);                 }}*Use the weblogic11g, client access, and 
WebLogic error,
as follows:*2014-12-18 16:09:26 org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLoggingWARNING: Interceptor for
{http://adapter.ws.mb.payment.dcfs.com/}IproviderconnectorService#{http://adapter.ws.mb.payment.dcfs.com/}doCommon
has thrown exception, unwinding nowThrowable occurred:
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers:
[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
are not understood.     at
org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at
org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)      at
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at
org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
at
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:957)     at
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)   at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:738)Please helpBest wishes



--
View this message in context: 
http://cxf.547215.n5.nabble.com/CXF3-Server-side-security-validation-problems-tp5752503.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Reply via email to