tomee-users mailing list archives

From vnalla <v_na...@hotmail.com>
Subject Re: WS-Security UsernameToken with plain text password
Date Mon, 08 Aug 2016 14:08:51 GMT
Hi,

TomEE version 7.0.1 with xmlsec-2.0.6.jar

The user name and role were added to tomcat-user.xml:
<role rolename="ws-security"/>
<user username="theUserName" password="thePassword" roles="ws-security"/>

How to run:
mvn clean package -Dmaven.test.skip=true
deploy the test-1.war file to TomEE 7.0.1 server
mvn test

test.zip <http://tomee-openejb.979440.n4.nabble.com/file/n4679649/test.zip>  

Here is the exception log:

Inbound Message
----------------------------
ID: 7
Address: http://localhost:8080/test-1/webservices/TestService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive],
Content-Length=[1450], content-type=[text/xml; charset=UTF-8],
host=[localhost:8080], pragma=[no-cache], SOAPAction=[""],
user-agent=[Apache CXF 3.1.6]}
Payload: <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-5d87caae-7ff8-40b5-8e11-d2d96369092e"><wsse:Username>theUserName</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">thePassword</wsse:Password></wsse:UsernameToken></wsse:Security><MessageHeader
xmlns:ns2="http://mycompany.com/test"
xmlns="http://mycompany.com/appl/exception"/></soap:Header><soap:Body><ns2:TestRequest
xmlns="http://mycompany.com/appl/exception"
xmlns:ns2="http://mycompany.com/test"><ns2:Information><ns2:stringElement>This
is a string
::0::</ns2:stringElement><ns2:intElement>1</ns2:intElement><ns2:version><ns2:major>1</ns2:major><ns2:minor>0</ns2:minor></ns2:version><ns2:name><ns2:first>First
0</ns2:first><ns2:last>Last
0</ns2:last></ns2:name></ns2:Information><ns2:Information><ns2:stringElement>This
is a string
::1::</ns2:stringElement><ns2:intElement>2</ns2:intElement><ns2:version><ns2:major>2</ns2:major><ns2:minor>0</ns2:minor></ns2:version><ns2:name><ns2:first>First
1</ns2:first><ns2:last>Last
1</ns2:last></ns2:name></ns2:Information></ns2:TestRequest></soap:Body></soap:Envelope>
--------------------------------------
08-Aug-2016 10:42:28.224 WARNING [http-nio-8080-exec-7] org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging Interceptor for {http://mycompany.com/test}TestService has thrown exception, unwinding now
 java.lang.SecurityException: Thread already associated with a client identity.  Refusing to overwrite.
	at com.mycompany.test.ServerPasswordCallback.handle(ServerPasswordCallback.java:92)
	at org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler.handle(TokenStoreCallbackHandler.java:64)
	at org.apache.wss4j.dom.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:162)
	at org.apache.openejb.server.cxf.OpenEJBLoginValidator.verifyDigestPassword(OpenEJBLoginValidator.java:36)
	at org.apache.wss4j.dom.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:136)
	at org.apache.wss4j.dom.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:94)
	at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:171)
	at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
	at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:267)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:171)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:80)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)
	at org.apache.openejb.server.cxf.CxfWsContainer.onMessage(CxfWsContainer.java:85)
	at org.apache.openejb.server.webservices.WsServlet.service(WsServlet.java:98)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.openejb.server.httpd.EEFilter.doFilter(EEFilter.java:65)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
	at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:44)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

08-Aug-2016 10:42:28.224 INFO [86] org.apache.cxf.services.TestService.TestPort.TestPortType.null Outbound Message
---------------------------
ID: 7
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Thread
already associated with a client identity.  Refusing to
overwrite.</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------

Thanks,
Venkat




--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/WS-Security-UsernameToken-with-plain-text-password-tp4679439p4679649.html
Sent from the TomEE Users mailing list archive at Nabble.com.
