Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Pending Closed
-
2.7.16
-
Unknown
Description
In AbstractBindingBuilder the presence of a callbackhandler is required to generate a signature. If not a PolicyException is generated.
Caused by: org.apache.cxf.ws.policy.PolicyException: No callback handler and no password available at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313) at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getPassword(AbstractBindingBuilder.java:1003) at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1832) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)
With the addition of the property org.apache.ws.security.crypto.merlin.keystore.private.password in wss4j, a callbackhandler to retrieve the private key password isn't strictly necessary anymore. Can CXF be adapted in this way?
Currently we define an empty callbackhandler just to satisfy CXF
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
}