tomee-users mailing list archives

From capozx
Subject Problem authenticating SOAP usernameToken
Date Fri, 14 Sep 2018 11:14:26 GMT
Hi, I'm trying to develop a SOAP web service, but I'm having trouble
authenticating the UsernameToken included in every SOAP message header.

My TomEE server version is TomEE plus 7.0.5.

According to the documentation, WS-SecurityPolicy does the necessary work to
handle security, after a proper configuration.

I do the configuration through Endpoint Property Annotations, in the
following way:

    import javax.jws.WebService;
    import org.apache.cxf.annotations.EndpointProperties;
    import org.apache.cxf.annotations.EndpointProperty;

    @WebService(targetNamespace = "", name = "MyService")
    @EndpointProperties(value = {
        @EndpointProperty(key = "ws-security.callback-handler", value = "org.tempuri.ServerPasswordCallback")
        //@EndpointProperty(key = "ws-security.validate.token", value = "false")
    })
    public interface MyService {...}

The ServerPasswordCallback is:

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.wss4j.common.ext.WSPasswordCallback;

    public class ServerPasswordCallback implements CallbackHandler {

        public ServerPasswordCallback() {
            System.out.println("Instantiating ServerPasswordCallback");
        }

        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            System.out.println("Validating on ServerPasswordCallback");
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
            if (pc.getIdentifier().equals("joe")) {
                // set the password on the callback. This will be compared to the
                // password which was sent from the client.
                pc.setPassword("password");
            }
        }
    }

The problem is that I get the following exception:

    Caused by: org.apache.wss4j.common.ext.WSSecurityException: The security token could not be authenticated or authorized
        at

sent message's header is:

    <?xml version="1.0"?>
    joe
    password
    ey+3J+OKoHlhfqREn7Q8jw==
    2018-09-14T10:59:10.459Z
    2018-09-14T10:59:10.459Z
    2018-09-14T10:59:15.459Z

The strange thing is that it seems that ServerPasswordCallback is never
instantiated, and handle() is never called.

If in the Endpoint properties annotations I set ws-security.validate.token to
false, the former Exception is thrown, even if this property should prevent
Token validation.

That fact makes me think that the annotations are not working, but I can't
figure out why.

Is this the correct way of authenticating a UsernameToken?
Are the Endpoint properties annotations correct?
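
A more defensive form of the callback handler shown in the message, as an added example that is not part of the original post and is not a diagnosis of the reported exception. The class name StoreBackedPasswordCallback and the in-memory USERS map are assumptions made for illustration; the code assumes the WSS4J 2.x WSPasswordCallback class named in the post's stack trace package.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Hypothetical class name; not part of the original post.
public class StoreBackedPasswordCallback implements CallbackHandler {

    // Constructed sample data standing in for a real credential store.
    private static final Map<String, String> USERS =
            Collections.singletonMap("joe", "password");

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Reject anything that is not a WSS4J password callback
            // instead of casting callbacks[0] blindly.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Supply passwords only when WSS4J is validating a UsernameToken.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                continue;
            }

            String expected = USERS.get(pc.getIdentifier());
            if (expected != null) {
                // WSS4J compares this value with the password in the token.
                pc.setPassword(expected);
            }
            // Unknown identifier: no password is set, so the comparison
            // has nothing to match and the token is not authenticated.
        }
    }
}
```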
