Databases
StackOverflow2013
Postsdbo
POSpring WS "The security token could not be authenticated or authorized"
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSpring WS "The security token could not be authenticated or authorized"
    text
    copied!<p>I'm creating a java client consumer for a web service using SpringWS-Security. </p> <p><strong>My Request SOAP (That I use in SOAP UI)</strong></p> <pre><code>&lt;soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://myws.mycompany.com/myws/schema"&gt; &lt;soapenv:Header&gt; &lt;wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"&gt; &lt;wsse:UsernameToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility"&gt; &lt;wsse:Username&gt;myUsernameString&lt;/wsse:Username&gt; &lt;wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"&gt;123&lt;/wsse:Password&gt; &lt;/wsse:UsernameToken&gt; &lt;/wsse:Security&gt; &lt;/soapenv:Header&gt; &lt;soapenv:Body&gt; &lt;sch:GetUserDetails idSender="5"/&gt; &lt;/soapenv:Body&gt; &lt;/soapenv:Envelope&gt; </code></pre> <p><strong>My servlet.xml in the WS.</strong></p> <pre><code>&lt;bean name="endpointMapping" class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping"&gt; &lt;property name="interceptors"&gt; &lt;list&gt; &lt;ref local="wsSecurityInterceptor" /&gt; &lt;/list&gt; &lt;/property&gt; &lt;bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor"&gt; &lt;property name="validationActions" value="UsernameToken" /&gt; &lt;property name="validationCallbackHandler" ref="springSecurityCallbackHandler" /&gt; &lt;/bean&gt; &lt;bean id="springSecurityCallbackHandler" class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler"&gt; &lt;property name="authenticationManager" ref="authenticationManager"/&gt; &lt;/bean&gt; &lt;bean id="authenticationProvider" class="ws.security.CustomAuthenticationProviderImpl"&gt; &lt;property name="userCommonService" ref="userCommonService" /&gt; &lt;security:custom-authentication-provider/&gt; &lt;/bean&gt; &lt;security:authentication-manager alias="authenticationManager" /&gt;. </code></pre> <p><strong>In my Java Client - applicationContext.xml</strong></p> <pre><code>&lt;bean name="webserviceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"&gt; &lt;property name="defaultUri" value="http:/localhost:8080/myws-ws/" /&gt; &lt;property name="marshaller" ref="marshaller" /&gt; &lt;property name="unmarshaller" ref="unmarshaller" /&gt; &lt;property name="interceptors"&gt; &lt;list&gt; &lt;ref local="wsSecurityInterceptor" /&gt; &lt;/list&gt; &lt;/property&gt; &lt;/bean&gt; &lt;oxm:jaxb2-marshaller id="marshaller" contextPath="org.example.bean.schema" /&gt; &lt;oxm:jaxb2-marshaller id="unmarshaller" contextPath="org.example.org.bean.schema" /&gt; &lt;bean id="client" class="example.client.impl.EfactClientImpl"&gt; &lt;property name="webServiceTemplate" ref="webserviceTemplate" /&gt; &lt;/bean&gt; &lt;bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor"&gt; &lt;property name="securementActions" value="UsernameToken"/&gt; &lt;/bean&gt; </code></pre> <p>When I use SOAP UI to consume the service everything is going fine, I think I need a little help at the Java Client and its context because when I run it I got this error: </p> <pre><code>The security token could not be authenticated or authorized; nested exception is: javax.security.auth.callback.UnsupportedCallbackException; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized; nested exception is: javax.security.auth.callback.UnsupportedCallbackException </code></pre> <p>When I debug my app I can notice that this element is crashing:</p> <pre><code>GetUserRequest request = new GetUserRequest(); request.setIdentifier(user.getIdentifier()); request.setPassword(user.getPassword()); GetUserResponse response = new GetUserResponse(); /* Crashing here. */ response = (GetUserResponse) getWebServiceTemplate().marshalSendAndReceive(request); </code></pre> <p>FYI: I always see this list of users in SpringWS with security, but what if I have a lot of users trying to access.</p> <p><strong>WS - [servlet-name]-servlet.xml</strong></p> <pre><code>&lt;bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler"&gt; &lt;property name="users"&gt; &lt;props&gt; &lt;prop key="Bert"&gt;Ernie&lt;/prop&gt; &lt;prop key="Mickey"&gt;Mouse&lt;/prop&gt; &lt;/props&gt; &lt;/property&gt; &lt;/bean&gt; </code></pre> <p>How can I resolve this UnsupportedCallbackException Exception?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload