Comments on: Apache CXF Tutorial – WS-Security with Spring http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/ The software development weblog of Benjamin McCann. Mon, 06 Feb 2012 21:26:21 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Dmitry http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-81556 Dmitry Mon, 30 Jan 2012 10:26:12 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-81556 Hello! I'm a confused about the server's callback handler. The matter is I can't get to it in the debug mode. After some time researching I found, that WSS4JInInterceptor doesn't have a callback. Please, see http://stackoverflow.com/questions/9035520/apache-cxf-spring-simple-certificate-authentication/9062076#9062076 for more details. Can you, please, answer these questions: 1. When do the WSS4JInInterceptor's callback is called 2. What password do the client sets in WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; pc.setPassword("") Hello!

I’m a confused about the server’s callback handler. The matter is I can’t get to it in the debug mode. After some time researching I found, that WSS4JInInterceptor doesn’t have a callback. Please, see http://stackoverflow.com/questions/9035520/apache-cxf-spring-simple-certificate-authentication/9062076#9062076 for more details.

Can you, please, answer these questions:
1. When do the WSS4JInInterceptor’s callback is called
2. What password do the client sets in WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; pc.setPassword(“”)

]]> By: cuyt http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-74730 cuyt Thu, 29 Dec 2011 04:28:10 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-74730 how can we user cxf-rest server and client how can we user cxf-rest server and client

]]> By: Guilhem http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-53221 Guilhem Mon, 05 Sep 2011 07:37:36 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-53221 Can anyone help regarding my post from Aug. 15th? Can anyone help regarding my post from Aug. 15th?

]]> By: smith http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-52883 smith Wed, 31 Aug 2011 06:24:14 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-52883 I got the following exception: "java.util.MissingResourceException:Can't find bundle for base name...", anyone know how to name the bundle? Thx. I got the following exception:
“java.util.MissingResourceException:Can’t find bundle for base name…”, anyone know how to name the bundle? Thx.

]]> By: Guilhem http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-51717 Guilhem Mon, 15 Aug 2011 07:01:51 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-51717 Hi there Thanks for this tutorial. I had to adapt it a little because my app is currently using the simple front-end, however I doubt it may be the reason why if is giving an unexpected (to me at least!) behavior. What happens if I leave both handle methods exactly as you provided them, is, the WS responds no matter which password is supplied by the client. In order to have the WS to actually check for the password being correct I had to modify the server-side handle method as follows: public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; // We can call pc.getIdentifer() right here to check the username // if we want each client to have it's own password. if (!pc.getPassword().equals(password)) throw new IOException("Wrong password!"); } So did I miss something? Any ideas? Thanks in advance. Guilhem Hi there

Thanks for this tutorial. I had to adapt it a little because my app is currently using the simple front-end, however I doubt it may be the reason why if is giving an unexpected (to me at least!) behavior.

What happens if I leave both handle methods exactly as you provided them, is, the WS responds no matter which password is supplied by the client. In order to have the WS to actually check for the password being correct I had to modify the server-side handle method as follows:

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

// We can call pc.getIdentifer() right here to check the username
// if we want each client to have it’s own password.
if (!pc.getPassword().equals(password))
throw new IOException(“Wrong password!”);
}

So did I miss something? Any ideas?

Thanks in advance.

Guilhem

]]> By: Liav http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-48380 Liav Thu, 07 Jul 2011 14:34:32 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-48380 Hi, Let's say i want to distribute the wsdl file to some client who doesn't support Spring & uses a simple CXF generator (wsdl2java). Will he be required to supply the ws with the auth password in addition to the service arguments? Where & how would it be supplied? Thanks & great job. Liav. Hi,

Let’s say i want to distribute the wsdl file to some client who doesn’t support Spring & uses a simple CXF generator (wsdl2java).

Will he be required to supply the ws with the auth password in addition to the service arguments?

Where & how would it be supplied?

Thanks & great job.

Liav.

]]> By: Sridhar http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-45290 Sridhar Tue, 17 May 2011 11:40:47 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-45290 Hi Ben, Thanks a lot. You have done a great job for us. This tutorial is really helpful to test the security. I could set up this very quickly and finish the testing easily. I don't understand one thing why it is giving the outbound message 2 times. It would be great if you provide your comments. Once again thanks a lot. Hi Ben,

Thanks a lot. You have done a great job for us.
This tutorial is really helpful to test the security. I could set up this very quickly and finish the testing easily.
I don’t understand one thing why it is giving the outbound message 2 times. It would be great if you provide your comments.

Once again thanks a lot.

]]> By: Sairam http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-2/#comment-41998 Sairam Tue, 08 Mar 2011 07:20:56 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-41998 I am getting following exception while invoking the client 8/03/2011 18:06:43 org.apache.cxf.phase.PhaseInterceptorChain doIntercept INFO: Interceptor has thrown exception, unwinding now Problems creating SAAJ object model I using CXF 2.1.4 on Weblogic 10.0. I am using following Server side XML: Error Stack Trace is as follows: Exception in thread "Main Thread" javax.xml.ws.soap.SOAPFaultException: Problems creating SAAJ object model at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145) at $Proxy39.myFile(Unknown Source) at wsdlclient.myService_myServiceImplPort_Client.main(myService_myServiceImplPort_Client.java:73) Caused by: org.apache.cxf.binding.soap.SoapFault: Problems creating SAAJ object model at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1980) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1905) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) I have added the Weblogic properties in JDK as well: -Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl -Djavax.xml.soap.SOAPConnectionFactory=weblogic.wsee.saaj.SOAPConnectionFactoryImpl and also set the prefer-application-packages to: javax.jws.* org.apache.* Could you please tell where the issue could be. Have spent lot of time on this, still no luck :-( I am getting following exception while invoking the client
8/03/2011 18:06:43 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now Problems creating SAAJ object model

I using CXF 2.1.4 on Weblogic 10.0. I am using following Server side XML:

Error Stack Trace is as follows:
Exception in thread “Main Thread” javax.xml.ws.soap.SOAPFaultException: Problems creating SAAJ object model
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
at $Proxy39.myFile(Unknown Source)
at wsdlclient.myService_myServiceImplPort_Client.main(myService_myServiceImplPort_Client.java:73)
Caused by: org.apache.cxf.binding.soap.SoapFault: Problems creating SAAJ object model
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1980)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1905)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)

I have added the Weblogic properties in JDK as well:
-Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl
-Djavax.xml.soap.SOAPConnectionFactory=weblogic.wsee.saaj.SOAPConnectionFactoryImpl

and also set the prefer-application-packages to:

javax.jws.*
org.apache.*

Could you please tell where the issue could be. Have spent lot of time on this, still no luck :-(

]]> By: Krishna http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-1/#comment-39439 Krishna Tue, 08 Feb 2011 09:42:20 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-39439 Apache Tomcat/7.0.6 - Error report<!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--> HTTP Status 500 - <b>type</b> Exception report<b>message</b> <b>description</b> The server encountered an internal error () that prevented it from fulfilling this request.<b>exception</b> javax.servlet.ServletException: Servlet execution threw an exception <b>root cause</b> java.lang.AbstractMethodError: org.apache.cxf.bus.CXFBusImpl.getProperties()Ljava/util/Map; org.apache.cxf.message.MessageImpl.calcContextCache(MessageImpl.java:221) org.apache.cxf.message.MessageImpl.getContextualProperty(MessageImpl.java:204) org.apache.cxf.message.AbstractWrappedMessage.getContextualProperty(AbstractWrappedMessage.java:164) org.apache.cxf.interceptor.StaxInInterceptor.getXMLInputFactory(StaxInInterceptor.java:92) org.apache.cxf.interceptor.StaxInInterceptor.handleMessage(StaxInInterceptor.java:81) org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255) org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89) org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:337) org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:182) org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:163) org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:141) javax.servlet.http.HttpServlet.service(HttpServlet.java:641) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) <b>note</b> The full stack trace of the root cause is available in the Apache Tomcat/7.0.6 logs.Apache Tomcat/7.0.6 Apache Tomcat/7.0.6 – Error report HTTP Status 500 – type Exception reportmessage description The server encountered an internal error () that prevented it from fulfilling this request.exception javax.servlet.ServletException: Servlet execution threw an exception
root cause java.lang.AbstractMethodError: org.apache.cxf.bus.CXFBusImpl.getProperties()Ljava/util/Map;
org.apache.cxf.message.MessageImpl.calcContextCache(MessageImpl.java:221)
org.apache.cxf.message.MessageImpl.getContextualProperty(MessageImpl.java:204)
org.apache.cxf.message.AbstractWrappedMessage.getContextualProperty(AbstractWrappedMessage.java:164)
org.apache.cxf.interceptor.StaxInInterceptor.getXMLInputFactory(StaxInInterceptor.java:92)
org.apache.cxf.interceptor.StaxInInterceptor.handleMessage(StaxInInterceptor.java:81)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:337)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:182)
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:163)
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:141)
javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.6 logs.Apache Tomcat/7.0.6

]]> By: Krishna http://www.benmccann.com/dev-blog/apache-cxf-tutorial-ws-security-with-spring/comment-page-1/#comment-39438 Krishna Tue, 08 Feb 2011 09:41:45 +0000 http://www.lumidant.com/blog/apache-cxf-tutorial-ws-security-with-spring/#comment-39438 Hi Ben, Thx 4 a great tutorial.. Am getting the following exception...Not sure what went wrong.. Thx, Krishna Hi Ben,

Thx 4 a great tutorial..

Am getting the following exception…Not sure what went wrong..

Thx,
Krishna

]]>