[jira] [Comment Edited] (CXF-8136) Exception on WSS4JInInterceptor for basic auth
[
https://issues.apache.org/jira/browse/CXF-8136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16959397#comment-16959397
]
Dmitry edited comment on CXF-8136 at 10/25/19 8:21 AM:
---
its not work. http request:
was (Author: evrikom):
auth work if enable preemptive authentication in SoapUI global http settings.
Greate thanks!
> Exception on WSS4JInInterceptor for basic auth
> --
>
> Key: CXF-8136
> URL: https://issues.apache.org/jira/browse/CXF-8136
> Project: CXF
> Issue Type: Bug
> Components: Core
>Affects Versions: 3.3.3
>Reporter: Dmitry
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Attachments: 1.png
>
>
> Hello. Im trying develop web service with apache cxf 3.3.3,spring boot 2.1.7
> and java 11.
> Configuration :
> {code:java}
> @Bean
> public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl
> referenceService) {
> EndpointImpl endpoint = new EndpointImpl(bus, referenceService);
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ServerPasswordCallback.class.getName());
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(wssIn);
> endpoint.publish("/ReferenceService");
> return endpoint;
> }{code}
> CallBack:
> {code:java}
> public class ServerPasswordCallback implements CallbackHandler {
> private Map passwords = new HashMap<>();
> public ServerPasswordCallback() {
> passwords.put("user", "123");
> }
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
> String pass = passwords.get(pc.getIdentifier());
> if (pass != null) {
> pc.setPassword(pass);
> return;
> }
> }
> }{code}
>
> when i send request from SoapUI, get exception:
>
> {code:java}
> 2019-10-24 16:00:07.620 WARN 14918 --- [nio-9090-exec-1]
> o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed (actions
> mismatch)
> 2019-10-24 16:00:07.626 WARN 14918 --- [nio-9090-exec-1]
> o.a.cxf.phase.PhaseInterceptorChain : Interceptor for
> {http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.company.ru/}getGlobalReferenceList
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
> verifying the message
> at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.catalina.cor
[jira] [Commented] (CXF-8136) Exception on WSS4JInInterceptor for basic auth
[
https://issues.apache.org/jira/browse/CXF-8136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16959543#comment-16959543
]
Dmitry commented on CXF-8136:
-
!1.png!
> Exception on WSS4JInInterceptor for basic auth
> --
>
> Key: CXF-8136
> URL: https://issues.apache.org/jira/browse/CXF-8136
> Project: CXF
> Issue Type: Bug
> Components: Core
>Affects Versions: 3.3.3
>Reporter: Dmitry
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Attachments: 1.png
>
>
> Hello. Im trying develop web service with apache cxf 3.3.3,spring boot 2.1.7
> and java 11.
> Configuration :
> {code:java}
> @Bean
> public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl
> referenceService) {
> EndpointImpl endpoint = new EndpointImpl(bus, referenceService);
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ServerPasswordCallback.class.getName());
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(wssIn);
> endpoint.publish("/ReferenceService");
> return endpoint;
> }{code}
> CallBack:
> {code:java}
> public class ServerPasswordCallback implements CallbackHandler {
> private Map passwords = new HashMap<>();
> public ServerPasswordCallback() {
> passwords.put("user", "123");
> }
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
> String pass = passwords.get(pc.getIdentifier());
> if (pass != null) {
> pc.setPassword(pass);
> return;
> }
> }
> }{code}
>
> when i send request from SoapUI, get exception:
>
> {code:java}
> 2019-10-24 16:00:07.620 WARN 14918 --- [nio-9090-exec-1]
> o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed (actions
> mismatch)
> 2019-10-24 16:00:07.626 WARN 14918 --- [nio-9090-exec-1]
> o.a.cxf.phase.PhaseInterceptorChain : Interceptor for
> {http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.company.ru/}getGlobalReferenceList
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
> verifying the message
> at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicati
[jira] [Updated] (CXF-8136) Exception on WSS4JInInterceptor for basic auth
[
https://issues.apache.org/jira/browse/CXF-8136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmitry updated CXF-8136:
Attachment: 1.png
> Exception on WSS4JInInterceptor for basic auth
> --
>
> Key: CXF-8136
> URL: https://issues.apache.org/jira/browse/CXF-8136
> Project: CXF
> Issue Type: Bug
> Components: Core
>Affects Versions: 3.3.3
>Reporter: Dmitry
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Attachments: 1.png, 1.png
>
>
> Hello. Im trying develop web service with apache cxf 3.3.3,spring boot 2.1.7
> and java 11.
> Configuration :
> {code:java}
> @Bean
> public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl
> referenceService) {
> EndpointImpl endpoint = new EndpointImpl(bus, referenceService);
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ServerPasswordCallback.class.getName());
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(wssIn);
> endpoint.publish("/ReferenceService");
> return endpoint;
> }{code}
> CallBack:
> {code:java}
> public class ServerPasswordCallback implements CallbackHandler {
> private Map passwords = new HashMap<>();
> public ServerPasswordCallback() {
> passwords.put("user", "123");
> }
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
> String pass = passwords.get(pc.getIdentifier());
> if (pass != null) {
> pc.setPassword(pass);
> return;
> }
> }
> }{code}
>
> when i send request from SoapUI, get exception:
>
> {code:java}
> 2019-10-24 16:00:07.620 WARN 14918 --- [nio-9090-exec-1]
> o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed (actions
> mismatch)
> 2019-10-24 16:00:07.626 WARN 14918 --- [nio-9090-exec-1]
> o.a.cxf.phase.PhaseInterceptorChain : Interceptor for
> {http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.company.ru/}getGlobalReferenceList
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
> verifying the message
> at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-e
[jira] [Updated] (CXF-8136) Exception on WSS4JInInterceptor for basic auth
[
https://issues.apache.org/jira/browse/CXF-8136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmitry updated CXF-8136:
Attachment: 2.png
> Exception on WSS4JInInterceptor for basic auth
> --
>
> Key: CXF-8136
> URL: https://issues.apache.org/jira/browse/CXF-8136
> Project: CXF
> Issue Type: Bug
> Components: Core
>Affects Versions: 3.3.3
>Reporter: Dmitry
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Attachments: 1.png, 1.png, 2.png
>
>
> Hello. Im trying develop web service with apache cxf 3.3.3,spring boot 2.1.7
> and java 11.
> Configuration :
> {code:java}
> @Bean
> public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl
> referenceService) {
> EndpointImpl endpoint = new EndpointImpl(bus, referenceService);
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ServerPasswordCallback.class.getName());
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(wssIn);
> endpoint.publish("/ReferenceService");
> return endpoint;
> }{code}
> CallBack:
> {code:java}
> public class ServerPasswordCallback implements CallbackHandler {
> private Map passwords = new HashMap<>();
> public ServerPasswordCallback() {
> passwords.put("user", "123");
> }
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
> String pass = passwords.get(pc.getIdentifier());
> if (pass != null) {
> pc.setPassword(pass);
> return;
> }
> }
> }{code}
>
> when i send request from SoapUI, get exception:
>
> {code:java}
> 2019-10-24 16:00:07.620 WARN 14918 --- [nio-9090-exec-1]
> o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed (actions
> mismatch)
> 2019-10-24 16:00:07.626 WARN 14918 --- [nio-9090-exec-1]
> o.a.cxf.phase.PhaseInterceptorChain : Interceptor for
> {http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.company.ru/}getGlobalReferenceList
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
> verifying the message
> at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[t
[jira] [Issue Comment Deleted] (CXF-8136) Exception on WSS4JInInterceptor for basic auth
[
https://issues.apache.org/jira/browse/CXF-8136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmitry updated CXF-8136:
Comment: was deleted
(was: !1.png!)
> Exception on WSS4JInInterceptor for basic auth
> --
>
> Key: CXF-8136
> URL: https://issues.apache.org/jira/browse/CXF-8136
> Project: CXF
> Issue Type: Bug
> Components: Core
>Affects Versions: 3.3.3
>Reporter: Dmitry
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Attachments: 1.png, 1.png, 2.png
>
>
> Hello. Im trying develop web service with apache cxf 3.3.3,spring boot 2.1.7
> and java 11.
> Configuration :
> {code:java}
> @Bean
> public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl
> referenceService) {
> EndpointImpl endpoint = new EndpointImpl(bus, referenceService);
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ServerPasswordCallback.class.getName());
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(wssIn);
> endpoint.publish("/ReferenceService");
> return endpoint;
> }{code}
> CallBack:
> {code:java}
> public class ServerPasswordCallback implements CallbackHandler {
> private Map passwords = new HashMap<>();
> public ServerPasswordCallback() {
> passwords.put("user", "123");
> }
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
> String pass = passwords.get(pc.getIdentifier());
> if (pass != null) {
> pc.setPassword(pass);
> return;
> }
> }
> }{code}
>
> when i send request from SoapUI, get exception:
>
> {code:java}
> 2019-10-24 16:00:07.620 WARN 14918 --- [nio-9090-exec-1]
> o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed (actions
> mismatch)
> 2019-10-24 16:00:07.626 WARN 14918 --- [nio-9090-exec-1]
> o.a.cxf.phase.PhaseInterceptorChain : Interceptor for
> {http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.company.ru/}getGlobalReferenceList
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
> verifying the message
> at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
[jira] [Commented] (CXF-8136) Exception on WSS4JInInterceptor for basic auth
[
https://issues.apache.org/jira/browse/CXF-8136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16959545#comment-16959545
]
Dmitry commented on CXF-8136:
-
!2.png!
> Exception on WSS4JInInterceptor for basic auth
> --
>
> Key: CXF-8136
> URL: https://issues.apache.org/jira/browse/CXF-8136
> Project: CXF
> Issue Type: Bug
> Components: Core
>Affects Versions: 3.3.3
>Reporter: Dmitry
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Attachments: 1.png, 1.png, 2.png
>
>
> Hello. Im trying develop web service with apache cxf 3.3.3,spring boot 2.1.7
> and java 11.
> Configuration :
> {code:java}
> @Bean
> public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl
> referenceService) {
> EndpointImpl endpoint = new EndpointImpl(bus, referenceService);
> Map inProps = new HashMap();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ServerPasswordCallback.class.getName());
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(wssIn);
> endpoint.publish("/ReferenceService");
> return endpoint;
> }{code}
> CallBack:
> {code:java}
> public class ServerPasswordCallback implements CallbackHandler {
> private Map passwords = new HashMap<>();
> public ServerPasswordCallback() {
> passwords.put("user", "123");
> }
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
> String pass = passwords.get(pc.getIdentifier());
> if (pass != null) {
> pc.setPassword(pass);
> return;
> }
> }
> }{code}
>
> when i send request from SoapUI, get exception:
>
> {code:java}
> 2019-10-24 16:00:07.620 WARN 14918 --- [nio-9090-exec-1]
> o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed (actions
> mismatch)
> 2019-10-24 16:00:07.626 WARN 14918 --- [nio-9090-exec-1]
> o.a.cxf.phase.PhaseInterceptorChain : Interceptor for
> {http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.company.ru/}getGlobalReferenceList
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
> verifying the message
> at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92)
> ~[cxf-rt-ws-security-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> ~[cxf-core-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.3.jar:3.3.3]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> ~[tomcat-embed-core-9.0.22.jar:9.0.22]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFi
[jira] [Created] (CXF-8137) Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer allows skipping validation of token
Bjørn Hilstad created CXF-8137: -- Summary: Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer allows skipping validation of token Key: CXF-8137 URL: https://issues.apache.org/jira/browse/CXF-8137 Project: CXF Issue Type: Bug Components: WS-* Components Affects Versions: 3.2.10 Reporter: Bjørn Hilstad Have been using SecurityConstants.VALIDATE_TOKEN=false to skip validation of UsernameToken with CXF 3.2.x successfully for a long time but this feature broke in 3.2.10. The reason is that the method getSecurityEngine(boolean utWithCallbacks) in WSS4JInInterceptor returns a different SecurityEngine than before. Up to version 3.2.9 using SecurityConstants.VALIDATE_TOKEN=false this method gave a WSSecurityEngine which had a WSSConfig with a validatorMap where the validator for "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; was a org.apache.wss4j.dom.validate.NoOpValidator. >From 3.2.10 it gives a WSSecurityEngine that has a WSSConfig with a >validatorMap where the validator for >"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.UsernameTokenValidator and hence the >validation is NOT skipped anymore. Should this feature still work for 3.2.10 or has it been removed on purpose? Could probably be solved by just switching the order of the if-statements in getSecurityEngine(boolean utWithCallbacks). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (CXF-8137) Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer allows skipping validation of token
[ https://issues.apache.org/jira/browse/CXF-8137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reassigned CXF-8137: Assignee: Colm O hEigeartaigh > Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer > allows skipping validation of token > > > Key: CXF-8137 > URL: https://issues.apache.org/jira/browse/CXF-8137 > Project: CXF > Issue Type: Bug > Components: WS-* Components >Affects Versions: 3.2.10 >Reporter: Bjørn Hilstad >Assignee: Colm O hEigeartaigh >Priority: Major > > Have been using SecurityConstants.VALIDATE_TOKEN=false to skip validation of > UsernameToken with CXF 3.2.x successfully for a long time but this feature > broke in 3.2.10. > The reason is that the method getSecurityEngine(boolean utWithCallbacks) in > WSS4JInInterceptor returns a different SecurityEngine than before. > Up to version 3.2.9 using SecurityConstants.VALIDATE_TOKEN=false this method > gave a WSSecurityEngine which had a WSSConfig with a validatorMap where the > validator for > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.NoOpValidator. > From 3.2.10 it gives a WSSecurityEngine that has a WSSConfig with a > validatorMap where the validator for > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.UsernameTokenValidator and hence the > validation is NOT skipped anymore. > Should this feature still work for 3.2.10 or has it been removed on purpose? > Could probably be solved by just switching the order of the if-statements in > getSecurityEngine(boolean utWithCallbacks). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (CXF-8137) Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer allows skipping validation of token
[ https://issues.apache.org/jira/browse/CXF-8137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CXF-8137: - Fix Version/s: 3.2.12 3.3.5 > Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer > allows skipping validation of token > > > Key: CXF-8137 > URL: https://issues.apache.org/jira/browse/CXF-8137 > Project: CXF > Issue Type: Bug > Components: WS-* Components >Affects Versions: 3.2.10 >Reporter: Bjørn Hilstad >Assignee: Colm O hEigeartaigh >Priority: Major > Fix For: 3.3.5, 3.2.12 > > > Have been using SecurityConstants.VALIDATE_TOKEN=false to skip validation of > UsernameToken with CXF 3.2.x successfully for a long time but this feature > broke in 3.2.10. > The reason is that the method getSecurityEngine(boolean utWithCallbacks) in > WSS4JInInterceptor returns a different SecurityEngine than before. > Up to version 3.2.9 using SecurityConstants.VALIDATE_TOKEN=false this method > gave a WSSecurityEngine which had a WSSConfig with a validatorMap where the > validator for > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.NoOpValidator. > From 3.2.10 it gives a WSSecurityEngine that has a WSSConfig with a > validatorMap where the validator for > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.UsernameTokenValidator and hence the > validation is NOT skipped anymore. > Should this feature still work for 3.2.10 or has it been removed on purpose? > Could probably be solved by just switching the order of the if-statements in > getSecurityEngine(boolean utWithCallbacks). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (CXF-7910) Change JAX-WS javax to jakarta artifact dependencies
[ https://issues.apache.org/jira/browse/CXF-7910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16960019#comment-16960019 ] Freeman Yue Fang commented on CXF-7910: --- Hi [~reta], FYI, I just pushed my changes to CXF-7910_jakarta_jaxws-api branch, so far it passed with both JDK8 and JDK11. And you're right, we may not need to use SAAJ1.5. My changes use SAAJ api 1.4 from Servicemix(not released so it's snapshot). And for the SAAJ impl, we don't even need to use 1.4(which still buggy under OSGi), I'm currently using SAAJ impl 1.3 bundle. I think once SAAJ api 1.4 bundle get released from Servicemix we can merge CXF-7910_jakarta_jaxws-api branch to master and move forward. Cheers Freeman > Change JAX-WS javax to jakarta artifact dependencies > > > Key: CXF-7910 > URL: https://issues.apache.org/jira/browse/CXF-7910 > Project: CXF > Issue Type: Task > Components: JAX-WS Runtime >Reporter: Dennis Kieselhorst >Priority: Minor > Fix For: 3.4.0 > > Time Spent: 10m > Remaining Estimate: 0h > > See https://github.com/eclipse-ee4j/jax-ws-api/issues/46 > According to https://projects.eclipse.org/projects/ee4j.jaxws/ will be > released on 2018-12-14. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (CXF-8137) Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer allows skipping validation of token
[ https://issues.apache.org/jira/browse/CXF-8137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved CXF-8137. -- Resolution: Fixed > Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer > allows skipping validation of token > > > Key: CXF-8137 > URL: https://issues.apache.org/jira/browse/CXF-8137 > Project: CXF > Issue Type: Bug > Components: WS-* Components >Affects Versions: 3.2.10 >Reporter: Bjørn Hilstad >Assignee: Colm O hEigeartaigh >Priority: Major > Fix For: 3.3.5, 3.2.12 > > > Have been using SecurityConstants.VALIDATE_TOKEN=false to skip validation of > UsernameToken with CXF 3.2.x successfully for a long time but this feature > broke in 3.2.10. > The reason is that the method getSecurityEngine(boolean utWithCallbacks) in > WSS4JInInterceptor returns a different SecurityEngine than before. > Up to version 3.2.9 using SecurityConstants.VALIDATE_TOKEN=false this method > gave a WSSecurityEngine which had a WSSConfig with a validatorMap where the > validator for > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.NoOpValidator. > From 3.2.10 it gives a WSSecurityEngine that has a WSSConfig with a > validatorMap where the validator for > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"; > was a org.apache.wss4j.dom.validate.UsernameTokenValidator and hence the > validation is NOT skipped anymore. > Should this feature still work for 3.2.10 or has it been removed on purpose? > Could probably be solved by just switching the order of the if-statements in > getSecurityEngine(boolean utWithCallbacks). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (CXF-7910) Change JAX-WS javax to jakarta artifact dependencies
[ https://issues.apache.org/jira/browse/CXF-7910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16960190#comment-16960190 ] Andriy Redko commented on CXF-7910: --- Awesome, thanks a lot [~ffang] ! > Change JAX-WS javax to jakarta artifact dependencies > > > Key: CXF-7910 > URL: https://issues.apache.org/jira/browse/CXF-7910 > Project: CXF > Issue Type: Task > Components: JAX-WS Runtime >Reporter: Dennis Kieselhorst >Priority: Minor > Fix For: 3.4.0 > > Time Spent: 10m > Remaining Estimate: 0h > > See https://github.com/eclipse-ee4j/jax-ws-api/issues/46 > According to https://projects.eclipse.org/projects/ee4j.jaxws/ will be > released on 2018-12-14. -- This message was sent by Atlassian Jira (v8.3.4#803005)
