wsit
  1. wsit
  2. WSIT-1608

CallbackHandler to username, password callbacks does not work

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Environment:

      NetBeans 7.0.1 Glassfish 3.1

      Description

      I have a client and server project. I want to implement Username Authentication with symmetric Key.
      I edit my serverside webservices parameter and add keystore.
      I write a callbackhandler like here:http://java.net/jira/browse/WSIT-1376
      I edit my client side webservice reference and I select dynamic , and I am able to add my callback class.

      But I think, my callback class dont work,

      When I try to edit my webservice refence with authentication credential type "Static" and I give default password and Username. It works. This brings me to the callback handler doesnt work properly,and I have an exception , in glassfish server.

      SEVERE: WSS1409: Invalid UsernameToken both nonce and created are absent
      SEVERE: WSITPVD0029: Error in Securing Outbound Message.
      com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header

      I attach my servlet, callbackand error trace.

      1. LoginServlet.java
        3 kB
        aysu
      2. SecurityHeader.java
        2 kB
        aysu
      3. trace.txt
        11 kB
        aysu

        Activity

        Hide
        Nithya Ramakrishnan added a comment -

        Normally a Callback handler would not work when the client is a servlet (in the JSR109 case), since the ContainerCallbackHandler cannot collect the user credentials interactively. Only if the client is an appclient, it was supposed to work.

        However we have relaxed this condition for simple Callback Handlers that set the username/password in the callback.

        Sending src/main/java/com/sun/xml/wss/impl/misc/WSITProviderSecurityEnvironment.java
        Transmitting file data .
        Committed revision 7058.

        Show
        Nithya Ramakrishnan added a comment - Normally a Callback handler would not work when the client is a servlet (in the JSR109 case), since the ContainerCallbackHandler cannot collect the user credentials interactively. Only if the client is an appclient, it was supposed to work. However we have relaxed this condition for simple Callback Handlers that set the username/password in the callback. Sending src/main/java/com/sun/xml/wss/impl/misc/WSITProviderSecurityEnvironment.java Transmitting file data . Committed revision 7058.

          People

          • Assignee:
            kumarjayanti
            Reporter:
            aysu
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: