tomee-users mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: WS-Security UsernameToken with plain text password
Date Mon, 08 Aug 2016 15:37:38 GMT
Hello

Thanks for the effort.

If you compare your validator to the openejb one, you will realize you
shouldn't associate all the time. Typically we only associate when outside
tomcat (openejb-http mainly ~= unit tests). If you only use that code in
tomee/tomcat, just remove the associate; otherwise you can handle it with
this code:

https://github.com/apache/tomee/blob/master/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java#L54

(also you should be able to use this default impl instead of yours if your
real impl doesn't have more logic)

Once this is fixed, it works well.



Romain Manni-Bucau

2016-08-08 16:08 GMT+02:00 vnalla <v_nalla@hotmail.com>:

> Hi,
>
> TomEE version 7.0.1 with xmlsec-2.0.6.jar
>
> The user name and role were added to tomcat-user.xml
> <role rolename="ws-security"/>
> <user username="theUserName" password="thePassword" roles="ws-security"/>
>
> How to run:
> mvn clean package -Dmaven.test.skip=true
> deploy the test-1.war file to TomEE 7.0.1 server
> mvn test
>
> test.zip <http://tomee-openejb.979440.n4.nabble.com/file/n4679649/test.zip>
>
> Here is the exception log:
>
> Inbound Message
> ----------------------------
> ID: 7
> Address: http://localhost:8080/test-1/webservices/TestService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: text/xml; charset=UTF-8
> Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1450], content-type=[text/xml; charset=UTF-8], host=[localhost:8080], pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 3.1.6]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-5d87caae-7ff8-40b5-8e11-d2d96369092e"><wsse:Username>theUserName</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">thePassword</wsse:Password></wsse:UsernameToken></wsse:Security><MessageHeader xmlns:ns2="http://mycompany.com/test" xmlns="http://mycompany.com/appl/exception"/></soap:Header><soap:Body><ns2:TestRequest xmlns="http://mycompany.com/appl/exception" xmlns:ns2="http://mycompany.com/test"><ns2:Information><ns2:stringElement>This is a string ::0::</ns2:stringElement><ns2:intElement>1</ns2:intElement><ns2:version><ns2:major>1</ns2:major><ns2:minor>0</ns2:minor></ns2:version><ns2:name><ns2:first>First 0</ns2:first><ns2:last>Last 0</ns2:last></ns2:name></ns2:Information><ns2:Information><ns2:stringElement>This is a string ::1::</ns2:stringElement><ns2:intElement>2</ns2:intElement><ns2:version><ns2:major>2</ns2:major><ns2:minor>0</ns2:minor></ns2:version><ns2:name><ns2:first>First 1</ns2:first><ns2:last>Last 1</ns2:last></ns2:name></ns2:Information></ns2:TestRequest></soap:Body></soap:Envelope>
> --------------------------------------
> 08-Aug-2016 10:42:28.224 WARNING [http-nio-8080-exec-7] org.apache.cxf.phase.PhaseInterceptorChain.doDefaultLogging Interceptor for {http://mycompany.com/test}TestService has thrown exception, unwinding now
>  java.lang.SecurityException: Thread already associated with a client identity.  Refusing to overwrite.
>         at com.mycompany.test.ServerPasswordCallback.handle(ServerPasswordCallback.java:92)
>         at org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler.handle(TokenStoreCallbackHandler.java:64)
>         at org.apache.wss4j.dom.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:162)
>         at org.apache.openejb.server.cxf.OpenEJBLoginValidator.verifyDigestPassword(OpenEJBLoginValidator.java:36)
>         at org.apache.wss4j.dom.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:136)
>         at org.apache.wss4j.dom.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:94)
>         at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:171)
>         at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
>         at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:267)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:171)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:80)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)
>         at org.apache.openejb.server.cxf.CxfWsContainer.onMessage(CxfWsContainer.java:85)
>         at org.apache.openejb.server.webservices.WsServlet.service(WsServlet.java:98)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
>         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
>         at org.apache.openejb.server.httpd.EEFilter.doFilter(EEFilter.java:65)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
>         at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:44)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
>         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
>         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
>         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
>         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         at java.lang.Thread.run(Thread.java:745)
>
> 08-Aug-2016 10:42:28.224 INFO [86] org.apache.cxf.services.TestService.TestPort.TestPortType.null Outbound Message
> ---------------------------
> ID: 7
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Thread already associated with a client identity.  Refusing to overwrite.</faultstring></soap:Fault></soap:Body></soap:Envelope>
> --------------------------------------
>
> Thanks,
> Venkat

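The failure in the quoted trace and the guard described in the reply, as an added Java model that is not part of the original messages and is not TomEE code. `ThreadIdentity` and its methods are hypothetical stand-ins for the container's per-thread security state, and the model assumes the container has already bound an identity to the request thread before the validator runs.

```java
// Added model, not TomEE code. ThreadIdentity and its methods are hypothetical
// stand-ins for the container's per-thread security state.
public class AssociateGuardDemo {
    static final String REFUSE = "Thread already associated with a client identity.  Refusing to overwrite.";

    static final class ThreadIdentity {
        private final ThreadLocal<Object> current = new ThreadLocal<>();
        Object login(String user, String password) {
            // Constructed check using the sample credentials quoted in the thread.
            if (!"theUserName".equals(user) || !"thePassword".equals(password)) {
                throw new SecurityException("cannot log user " + user);
            }
            return "token:" + user;
        }
        void associate(Object token) {
            if (current.get() != null) throw new SecurityException(REFUSE);
            current.set(token);
        }
        Object currentState() { return current.get(); }
        void disassociate() { current.remove(); }
    }

    // Associates on every call: throws when the thread already carries an identity.
    static Object validateAlways(ThreadIdentity s, String user, String password) {
        Object token = s.login(user, password);
        s.associate(token);
        return token;
    }

    // Associates only when nothing is bound yet (the standalone / unit-test case).
    static Object validateGuarded(ThreadIdentity s, String user, String password) {
        Object token = s.login(user, password);
        if (s.currentState() == null) s.associate(token);
        return token;
    }

    public static void main(String[] args) {
        ThreadIdentity s = new ThreadIdentity();
        s.associate("token:container"); // assumption: the container bound an identity first
        try {
            validateAlways(s, "theUserName", "thePassword");
        } catch (SecurityException e) {
            System.out.println("always:  " + e.getMessage());
        }
        System.out.println("guarded: " + validateGuarded(s, "theUserName", "thePassword"));
        s.disassociate(); // pooled request threads must not keep an identity
        System.out.println("standalone: " + validateGuarded(s, "theUserName", "thePassword"));
    }
}
```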