Hi,
I have a custom callbackhandler and custom userdetailsservice in my
application.
I use cxf-rt-ws-security 2.2.1
Here is snippet from my custom callbackhandler.
protected void handleWSPasswordCallback(WSPasswordCallback callback) {
String username = callback.getIdentifer(); //For 2.3.11 this changes
to getIdentifier
String password = callback.getPassword();
try {
String encPwd =
PasswordDigest.encryptAccountPassword(password);
UsernamePasswordAuthenticationToken token = new
UsernamePasswordAuthenticationToken(username, encPwd);
Authentication auth =
authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
} catch (Exception e) {
throw new SecurityException("Authentication Failed.");
and here is a snippet from the custom userdetailsservice.
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException, DataAccessException {
String accountId = accountMatcher.group (1);
Account account = serviceLocator.getAccountRepository ().lookupAccount (new
Long (accountId));
// Grant our base authorities.
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority> ();
authorities.add (new GrantedAuthorityImpl (ROLE_MERCHANT_ACCOUNT));
UserDetails userDetails = new User (username, account.getPassword(), true,
true, true, account.isStatusActive (), authorities.toArray (new
GrantedAuthority[authorities.size ()]));
return userDetails;
This code works perfectly fine with cxf version 2.2.1.
The moment I change the version to 2.3.11, it starts giving me "Bad
Credentials" exception.
Can someone please help me with this. If I debug the code in 2.3.11, the
UsernamePasswordAuthenticationToken password and the password is the db is
exactly the same. I still get "Bad Credentials".
Regards,
Jasmina
I have a custom callbackhandler and custom userdetailsservice in my
application.
I use cxf-rt-ws-security 2.2.1
Here is snippet from my custom callbackhandler.
protected void handleWSPasswordCallback(WSPasswordCallback callback) {
String username = callback.getIdentifer(); //For 2.3.11 this changes
to getIdentifier
String password = callback.getPassword();
try {
String encPwd =
PasswordDigest.encryptAccountPassword(password);
UsernamePasswordAuthenticationToken token = new
UsernamePasswordAuthenticationToken(username, encPwd);
Authentication auth =
authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
} catch (Exception e) {
throw new SecurityException("Authentication Failed.");
and here is a snippet from the custom userdetailsservice.
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException, DataAccessException {
String accountId = accountMatcher.group (1);
Account account = serviceLocator.getAccountRepository ().lookupAccount (new
Long (accountId));
// Grant our base authorities.
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority> ();
authorities.add (new GrantedAuthorityImpl (ROLE_MERCHANT_ACCOUNT));
UserDetails userDetails = new User (username, account.getPassword(), true,
true, true, account.isStatusActive (), authorities.toArray (new
GrantedAuthority[authorities.size ()]));
return userDetails;
This code works perfectly fine with cxf version 2.2.1.
The moment I change the version to 2.3.11, it starts giving me "Bad
Credentials" exception.
Can someone please help me with this. If I debug the code in 2.3.11, the
UsernamePasswordAuthenticationToken password and the password is the db is
exactly the same. I still get "Bad Credentials".
Regards,
Jasmina