I’m in the process of creating a client for a web service. I keep getting the following error:
AxisFault
faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity
faultSubcode:
faultString:
Security Data : General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
faultActor:
faultNode:
faultDetail: {http://xml.apache.org/axis/}
stackTrace:
Security Data : General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
This is my environment here:
- Intellij IDEA IDE
- Apache Axis
- Apache WSS4J 1.5.1
- Apache XML Security 1.4.0
- JDK 1.6
- Max OS X
Although searching on the internet provides a lot of examples of how the security header can be added to the request via XML configuration, my requirement is to do this dynamically via the program. So here is my code:
public class AxisClient implements CallbackHandler {
ServerEnvironment environment;
AxisClient(ServerEnvironment environment) {
this.environment = environment;
}
public enum ServerEnvironment {
LIVE("https://ics2ws.ic3.com/commerce/1.x/transactionProcessor"),
TEST("https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor");
String url;
ServerEnvironment (String url) {
this.url = url;
}
public String getUrl() {
return url;
}
}
public enum Merchant {
TestMerchant ("testpassword");
private String transactionKey;
Merchant(String transactionKey) {
this.transactionKey = transactionKey;
}
public String getTransactionKey() {
return transactionKey;
}
}
public static void main(String[] argv) {
String ani = "7162502800";
String zipCode = "14221";
String ccNum ="5555555555554444";
String expMonth = "01";
String expYear = "15";
String cvv = "123";
String unitPrice = "9.99";
String qty = "2";
try {
new AxisClient(ServerEnvironment.TEST).doAuth(Merchant.TestMerchant, ani, zipCode, ccNum, expMonth, expYear, cvv, String.valueOf(new Date().getTime()), unitPrice, qty);
}
catch (Exception e) {
e.printStackTrace();
}
}
public Boolean doAuth(Merchant merchant, String ani, String zipCode, String ccNum, String expMonth, String expYear, String cvv, String id, String unitPrice, String qty) throws Exception {
Boolean result = false;
RequestMessage request;
BillTo billTo;
Card card;
PurchaseTotals purchaseTotals;
Item item;
Item[] items;
ReplyMessage reply;
try {
// billing info
billTo = new BillTo();
billTo.setPhoneNumber(ani);
billTo.setPostalCode(zipCode);
// card info
card = new Card();
card.setAccountNumber(ccNum);
card.setExpirationMonth(new BigInteger(expMonth));
card.setExpirationYear(new BigInteger(expYear));
card.setCvNumber(cvv);
// currency info
purchaseTotals = new PurchaseTotals();
purchaseTotals.setCurrency("USD");
// item
item = new Item();
item.setId(new BigInteger(id));
item.setUnitPrice(unitPrice);
item.setQuantity(new BigInteger(qty));
// add item to items array
items = new Item[1];
items[0] = item;
// create our request
request = new RequestMessage();
request.setMerchantID(merchant.toString());
request.setCcAuthService(new CCAuthService());
request.getCcAuthService().setRun("true");
// add request specific params
request.setBillTo(billTo);
request.setCard(card);
request.setPurchaseTotals(purchaseTotals);
request.setItem(items);
reply = post(merchant, request);
if (reply != null) {
System.out.println(ReflectionToStringBuilder.toString(reply, ToStringStyle.MULTI_LINE_STYLE));
}
}
catch (Exception e) {
throw e;
}
return result;
}
public EngineConfiguration createConfigurationWithSecurityHeaders(Merchant merchant) throws Exception {
SimpleProvider result;
Handler securityHandler;
SimpleChain requestHandler;
SimpleChain responseHandler;
Handler pivot;
Handler transport;
try {
result = new SimpleProvider();
securityHandler = new WSDoAllSender();
securityHandler.setOption(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
securityHandler.setOption(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
securityHandler.setOption(WSHandlerConstants.PW_CALLBACK_REF, this);
securityHandler.setOption(WSHandlerConstants.USER, merchant.toString());
securityHandler.setOption(WSHandlerConstants.MUST_UNDERSTAND, "false");
requestHandler = new SimpleChain();
requestHandler.addHandler(securityHandler);
responseHandler = new SimpleChain();
responseHandler.addHandler(securityHandler);
pivot = new HTTPSender();
transport = new SimpleTargetedChain(requestHandler, pivot, responseHandler);
result.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME, transport);
}
catch (Exception e) {
throw e;
}
return result;
}
public ReplyMessage post (Merchant merchant, RequestMessage request) throws Exception {
ReplyMessage result;
TransactionProcessorLocator locator;
URL endPoint;
ITransactionProcessorStub stub;
EngineConfiguration configuration;
try {
locator = new TransactionProcessorLocator();
// use client config
configuration = createConfigurationWithSecurityHeaders(merchant);
locator.setEngineConfiguration(configuration);
locator.setEngine(new org.apache.axis.client.AxisClient(configuration));
endPoint = new URL(environment.getUrl());
stub = (ITransactionProcessorStub) locator.getportXML(endPoint);
stub._setProperty(WSHandlerConstants.USER, request.getMerchantID());
stub._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
stub._setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, this);
stub._setProperty(WSHandlerConstants.MUST_UNDERSTAND, "false");
result = stub.runTransaction(request);
}
catch (Exception e) {
throw e;
}
return result;
}
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
System.out.println(ReflectionToStringBuilder.toString(callback, ToStringStyle.MULTI_LINE_STYLE));
if (callback instanceof WSPasswordCallback) {
WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
switch (Merchant.valueOf(passwordCallback.getIdentifer())) {
case TestMerchant:
passwordCallback.setPassword(Merchant.TestMerchant.getTransactionKey());
System.out.println(ReflectionToStringBuilder.toString(passwordCallback, ToStringStyle.MULTI_LINE_STYLE));
break;
default:
throw new UnsupportedCallbackException(callback, "Unrecognized prompt!");
}
}
else {
throw new UnsupportedCallbackException(callback, "Unrecognized callback!");
}
}
}
}
As you can see from the above, my class implements CallbackHandler and I’m overriding handle() which provides the password for WSPasswordCallback.
Here is the output of the print statement for when I get the callback first:
org.apache.ws.security.WSPasswordCallback@50c713d2[
identifier=TestMerchant
password=<null>
key=<null>
usage=2
passwordType=<null>
]
Here is the output for after setting the password:
org.apache.ws.security.WSPasswordCallback@50c713d2[
identifier=TestMerchant
password=testpassword
key=<null>
usage=2
passwordType=<null>
]
So I’m not really sure why I keep getting that error message. Any help in solving this issue will be greatly appreciated.
Also recommendations for a different approach (axis2, cxf) are welcome.
Here is my full stack trace if it is of any help:
AxisFault
faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity
faultSubcode:
faultString:
Security Data : General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:
Security Data : General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2939)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:808)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at itg.cybersource.axis.ITransactionProcessorStub.runTransaction(ITransactionProcessorStub.java:1284)
at itg.AxisClient.post(AxisClient.java:208)
at itg.AxisClient.doAuth(AxisClient.java:132)
at itg.AxisClient.main(AxisClient.java:75)
{http://xml.apache.org/axis/}hostname:C02GD302DRJL.local
Security Data : General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
General security error (WSSecurityEngine: Callback supplied no password for: TestMerchant)
at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1782)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2939)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:808)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at itg.cybersource.axis.ITransactionProcessorStub.runTransaction(ITransactionProcessorStub.java:1284)
at itg.AxisClient.post(AxisClient.java:208)
at itg.AxisClient.doAuth(AxisClient.java:132)
at itg.AxisClient.main(AxisClient.java:75)
After many days of trying very many different things, I finally figured out the answer to my problem. Talk about the problem being in between the keyboard and the chair!!!!!
So without further ado here is what the issue was:
Now
WSConstants.PASSWORD_TEXTactually equates to"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText". What I must have really been using isWSConstants.PW_TEXTwhich equates to"PasswordText"which is exactly what I needed in my code. Once I made the change, everything works beautifully.Contrary to popular belief, you can do all this entirely in a programmatic manner. You DO NOT need to configure the WSDD xml for you to intercept a message and handle WS-Security in the SOAP header. To tidy up loose ends, here is what the modified methods look like:
Once these modifications are made, your client will work. Please keep in mind that a few of the settings above are specific to the service I’m integrating with. You might have to tweak these to suit your integration which might require a little trial and error.
Thanks again to all the people who post incredibly knowledgeable articles in SO enabling users like me solve problems we come across every now and then.