CxF component is throwing errors when we use WSDL file with WS Policy

One Star

CxF component is throwing errors when we use WSDL file with WS Policy

Cannot use cCXF Component as proxy to a secure web service,
1. I have exposed a simple SOAP web service which uses WS*Security. Security options (addressing and usertoken) are part of the WSDL Policy description.
2. A route, with cCxf component which I am using to read the http headers on the request and add them to the body before invoking secure service.
Tried the following options

1. Option 1 : With security enabled on WebSerivces- (WSDL Policy), and no security on Route
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>General security error (WSSecurityEngine: No password callback supplied)</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>

My assumption is since the security will be handled by the web service, cCXF element should just allow the request to pass through, Unfortunately it does not.
Request generated on the log
2013-08-05 23:09:33,376 | INFO | TestService?wsdl | TestServicePortType | 111 - org.apache.cxf.cxf-api - 2.7.3 | Inbound Message
----------------------------
ID: 1
Address: http://localhost:8040/services/TestService?wsdl
Encoding: UTF-8
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=, Cache-Control=, connection=, content-type=, Host=, Pragma=, User-Agent=}
--------------------------------------
And throws the following error on the route
WSS4JInInterceptor WARN
org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:365)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:937)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:998)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Unknown Source)
PhaseInterceptorChain WARN Interceptor for {http://www.talend.org/service/}TestService#{http://www.talend.org/service/}TestServiceOperation has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: No password callback supplied)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:786)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:365)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:937)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:998)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
... 24 more
NOTE: If the above route is deployed with Webservice with out security, it works perfectly fine.

NOTE: If you access the service directly without the CxFRoute proxy the request generated is the following and it works, and does exactly what it needs to do.
2013-08-05 22:55:33,216 | INFO | ices/TestService | TestServicePortType | 111 - org.apache.cxf.cxf-api - 2.7.3 | Inbound Message
----------------------------
ID: 17
Address: http://localhost:8040/services/TestService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=, connection=, Content-Length=, content-type=, Host=, SOAPAction=, User-Agent=}
Payload: <soapenv:Envelope xmlns:ser="http://www.talend.org/service/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsseSmiley Frustratedecurity soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameTo... wsu:Id="UsernameToken-24"><wsse:Username>karaf</wsse:Username><wsseSmiley Tongueassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">kar...Smiley Tongue EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">+vez...Smiley Frustrated soapenv:mustUnderstand="1">http://www.talend.org/service/TestServiceOperation</wsa:Action><wsa:MessageID soapenv:mustUnderstand="1">uuid:405fb727-0fec-45be-b7fc-8cc221375991</wsa:MessageID><wsa:To soapenv:mustUnderstand="1">http://localhost:8040/services/TestService</wsa:To></soapenv:Header>
<soapenv:Body>
<ser:TestServiceOperationRequest>
<in>test</in>
</ser:TestServiceOperationRequest>
</soapenv:Body>
</soapenv:Envelope>
One Star

Re: CxF component is throwing errors when we use WSDL file with WS Policy

Hi,
I am facing the same issue. Were you able to solve it? if Yes, how the call back was supplied to the route?