Basic Auth with WSS4J / camel cxf (Https)

Question

For a SOAP web service, I have a working example of the configuration for PasswordDigest authentication via camel-cxf and WSS4J :

<camel-cxf:cxfEndpoint id="myService"
                       address="${ws.endpoint.address}"
                       serviceName="es:MyService"
                       wsdlURL="wsdl/myservice.wsdl"
                       endpointName="es:MyServicePort"
                       serviceClass="com.us.MyServiceEndpoint"
                       xmlns:es="http://us.com/services/MyService">
    <camel-cxf:inInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor">
            <property name="properties">
                <map>
                    <entry key="action" value="UsernameToken"/>
                    <entry key="passwordType" value="PasswordDigest"/>
                    <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
                </map>
            </property>
        </bean>
    </camel-cxf:inInterceptors>
</camel-cxf:cxfEndpoint>

We have a request to enable the same resource for BASIC authentication - how can this configuration be modified to do that?

I have changed the following line and tested via SOAP UI:

                    <entry key="passwordType" value="PasswordText"/>

However the result is a SOAP fault from UsernameTokenValidator.java:

  <soap:Fault>
     <faultcode>soap:Server</faultcode>
     <faultstring>These policy alternatives can not be satisfied: 
         {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}
         UsernameToken: Password hashing policy not enforced</faultstring>
  </soap:Fault>

If anyone has some guidance here it would be appreciated.

score 1 · Answer 1 · answered Oct 16 '14 at 11:04

You are mixing up the two different ways of configuring WS-Security in CXF.

The "PolicyBasedWSS4JInInterceptor" is used when you have a WS-SecurityPolicy to configure security. You don't need to actually add it at all, as CXF will automatically add it to the interceptor chain. It's configured via the configuration tags specified here: http://cxf.apache.org/docs/ws-securitypolicy.html. The configuration tags you are specifying as "properties" are ignored for the security policy case.

If you want to configure security via a policy in this case, you will need to remove the "HashPassword" policy if you want to support plaintext passwords.

If you want to only configure via "actions" you should be using the "WSS4JInInterceptor" instead (which the policy based interceptor extends).

Colm.

score 0 · Answer 2 · answered Nov 27 '18 at 13:52

0

The WSS-PasswordType needed to change from PasswordText to PasswordDigest.

answered Nov 27 '18 at 13:52

vikingsteve

38,481
23
112
156

Basic Auth with WSS4J / camel cxf (Https)

2 Answers2