Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Pending Closed
-
Affects Version/s: 2.7.16
-
Component/s: WS-* Components
-
Labels:
-
Estimated Complexity:Unknown
Description
In AbstractBindingBuilder the presence of a callbackhandler is required to generate a signature. If not a PolicyException is generated.
Caused by: org.apache.cxf.ws.policy.PolicyException: No callback handler and no password available at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313) at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getPassword(AbstractBindingBuilder.java:1003) at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1832) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)
With the addition of the property org.apache.ws.security.crypto.merlin.keystore.private.password in wss4j, a callbackhandler to retrieve the private key password isn't strictly necessary anymore. Can CXF be adapted in this way?
Currently we define an empty callbackhandler just to satisfy CXF
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
}