Problem with AcegiDigestPasswordValidationCallbackHandler
Hi,
I'm using now AcegiDigestPasswordValidationCallbackHandler to ensure users authentication in my ws, i use soapui to invoke my service, so i add security element in soap:header to test my service,like this :
.HTML Code:<soapenv:Header> <wsse:Security soapenv:mustUnderstand="1"> <wsse:UsernameToken wsu:Id="UsernameToken"> <wsse:Username>user1</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">a5wOu6kRbAOdj9lqIlriXUy46Mg=</wsse:Password> <wsse:Nonce>ffafffee57re</wsse:Nonce> <wsu:Created>2008-04-28T17:23:57.062Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header>
and here is my config ws-spring-servlet.xml:
.HTML Code:<beans ......> .... <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor"> <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" /> <property name="callbackHandlers"> <list> <ref bean="acegiDigestPasswordValidationHandler" /> </list> </property> </bean> <bean id="acegiDigestPasswordValidationHandler" class="org.springframework.ws.soap.security.xwss.callback.acegi.AcegiDigestPasswordValidationCallbackHandler"> <property name="userDetailsService" ref="userDetailsService"/> </bean> <bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource"> <ref bean="dataSource" /> </property> </bean> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName"> <value>com.mysql.jdbc.Driver</value> </property> <property name="url"> <value>jdbc:mysql:url:3306/mydb</value> </property> <property name="username"> <value>username</value> </property> <property name="password"> <value>password</value> </property> </bean> <bean id="endpointMapping" .........> <property name="interceptors"> <list> <ref bean="wsSecurityInterceptor" /> </list> </property> </bean> ....... <beans>
I try to generate manualy Digest from pwd,nonce, and created( To test), but evry time i get this error :
GRAVE: WSS1408: UsernameToken Authentication Failed
28/04/2008 17:23:30 WARN [AbstractWsSecurityInterceptor] : Could not validate request: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed.
I used new BASE64Encoder()).encode(sha1.digest() to generate password digest with previous value of security element in header.
I want to know which Algo used by Acegi to verify passordDigest. Second, is it a bug fixed with AcegiDigestPasswordValidationCallbackHandler : according to this post :
http://forum.springframework.org/sho...d.php?p=177391.
I'm using acegi 1.0.7
spring-ws 1.5.0
Thanks
