Autowire failed in Password Callback Class

Question

I am using a WSS4JOutInterceptor and a WSS4JInInterceptor to intercept soap web service. In there I am using

passwordCallbackClass

Sample intercepter

<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" id="inbound-security">
    <constructor-arg>
        <map>
            <entry key="action" value="Signature Encrypt"/>
            <entry key="signaturePropFile" value="serviceKeystore.properties"/>
            <entry key="decryptionPropFile" value="clientKeystore.properties"/>
            <entry key="passwordCallbackClass" value="com.service.toolprovider.ToolProviderCallbackHandler"/>
        </map>
    </constructor-arg>
</bean>

In my password callback class I need to inject another class to get password.

@Component
public class ToolProviderCallbackHandler implements CallbackHandler {

    @Autowired
    private IAuthenticationConfiguration configuration;

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

        for (Callback callback : callbacks) {

            WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callback;

            if (wsPasswordCallback.getUsage() == WSPasswordCallback.SIGNATURE || wsPasswordCallback.getUsage() == WSPasswordCallback.DECRYPT) {

                if (wsPasswordCallback.getIdentifier().equals("client alias")) {
                    wsPasswordCallback.setPassword("password");
                }
            }
        }
    }
}

But here autowired is not working. configuration property is always null.

I have exactly the same problem – mcvkr Mar 29 '17 at 14:06 — mcvkr, Mar 29 '17 at 14:06

score 0 · Answer 1 · answered Mar 19 '19 at 15:43

For anyone coming across this in future, I ran into the same issue and solved using the following: https://dzone.com/articles/autowiring-spring-beans-into-classes-not-managed-by-spring


@Service
public class BeanUtil implements ApplicationContextAware {
    private static ApplicationContext context;
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        context = applicationContext;
    }
    public static <T> T getBean(Class<T> beanClass) {
        return context.getBean(beanClass);
    }
}

Then in callback handler set the configuration using BeanUtil.getBean(IAuthenticationConfiguration.class)

score 0 · Answer 2 · answered May 08 '20 at 19:29

Keep your configuration in interceptor for passwordCallbackClass as below, this will help your password callback handler also be managed by Spring.

That means your autowire will work

<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" id="inbound-security">
    <constructor-arg>
        <map>
            <entry key="action" value="Signature Encrypt"/>
            <entry key="signaturePropFile" value="serviceKeystore.properties"/>
            <entry key="decryptionPropFile" value="clientKeystore.properties"/>
            <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallbackHandler" />
                </entry>
        </map>
    </constructor-arg>
</bean>

<bean id="passwordCallbackHandler" class="com.service.toolprovider.ToolProviderCallbackHandler" />

Ref: https://deepintojee.wordpress.com/2010/12/13/securing-a-webservice-at-method-level-apache-cxf-spring-security-jsr-250-wss4j/

Autowire failed in Password Callback Class

2 Answers2