[CXF-6400] Make ws-security.callback-handler optional for generating a WS-Security signature - ASF JIRA

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Pending Closed
Affects Version/s: 2.7.16
Fix Version/s: 3.1.1, 3.0.6
Component/s: WS-* Components
Labels:
- easyfix

Estimated Complexity:
Unknown

Description

In AbstractBindingBuilder the presence of a callbackhandler is required to generate a signature. If not a PolicyException is generated.

Caused by: org.apache.cxf.ws.policy.PolicyException: No callback handler and no password available
	at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313)
	at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getPassword(AbstractBindingBuilder.java:1003)
	at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1832)
	at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)

https://github.com/apache/cxf/blob/71e20b4f5b918005055589b47e40f37733721676/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java#L931

With the addition of the property org.apache.ws.security.crypto.merlin.keystore.private.password in wss4j, a callbackhandler to retrieve the private key password isn't strictly necessary anymore. Can CXF be adapted in this way?

Currently we define an empty callbackhandler just to satisfy CXF

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    }

Attachments

Activity

People

Assignee:

Colm O hEigeartaigh

Reporter:

Willem Salembier

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

12/May/15 08:00

Updated:

14/Oct/16 14:25

Resolved:

12/May/15 15:41