veithen / cxf-spring-security

Automatically exported from code.google.com/p/cxf-spring-security

can't handle <entry key="passwordType" value="PasswordDigest" /> #1

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.

Original issue reported on code.google.com by raymond....@gmail.com on 19 Jul 2010 at 10:38

GoogleCodeExporter commented 9 years ago
The following is my client=bean.xml:

    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="user" value="wsclient"/>
                <entry key="passwordType" value="PasswordDigest"/>
                <!--
                <entry key="passwordType" value="PasswordText"/>
                -->
                <entry key="passwordCallbackClass"
                       value="com.ray.UTPasswordCallback"/>
            </map>
        </property>
    </bean>

Original comment by raymond....@gmail.com on 19 Jul 2010 at 10:41

GoogleCodeExporter commented 9 years ago
This is my server XML:

    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="passwordType" value="PasswordDigest"/>
                <!--
                <entry key="passwordType" value="PasswordText"/>
                -->
                <entry key="passwordCallbackRef">
                    <!--
                    <ref bean="passwordCallback"/>
                    -->
                    <ssec:server-password-callback-handler logExceptions="true" nestExceptions="false"/>
                </entry>
            </map>
        </constructor-arg>
    </bean>
    <bean id="passwordCallback"
        class="com.ray.UTPasswordCallback"/>

    <security:authentication-manager alias='authenticationManagerAlias'>
        <security:authentication-provider ref="customAuthenticationProvider"/>
    </security:authentication-manager>

Original comment by raymond....@gmail.com on 19 Jul 2010 at 10:43

GoogleCodeExporter commented 9 years ago
It works for:
1. use passwordCallbackRef with PasswordDigest
2. use passwordCallbackRef with PasswordText
3. use ssec:server-password-callback-handler with PasswordText

However, it doesn't work with:
4. use ssec:server-password-callback-handler with PasswordDigest

Original comment by raymond....@gmail.com on 19 Jul 2010 at 10:45
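
An added example (Python, not code from this project or from the reporter) of how the WS-Security UsernameToken PasswordDigest is computed, and why a server that can look up the clear-text password can verify it while a verify-only authenticator can check PasswordText but not a digest. That this is the cause of case 4 above is an assumption; the function and class names and the sample timestamp are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + password))."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def make_token(user: str, password: str, created: str) -> dict:
    """Client side: only the digest, nonce and timestamp go on the wire."""
    nonce = os.urandom(16)
    return {"user": user, "nonce": nonce, "created": created,
            "digest": password_digest(nonce, created, password)}

# Style A (hypothetical): the server can look up the clear-text password,
# as the UTPasswordCallback test class on this page does.
CLEARTEXT = {"wsclient": "hello123"}

def verify_digest_with_cleartext(token: dict) -> bool:
    password = CLEARTEXT.get(token["user"])
    if password is None:
        return False
    expected = password_digest(token["nonce"], token["created"], password)
    return hmac.compare_digest(expected, token["digest"])

# Style B (hypothetical): a verify-only authenticator that stores a salted
# hash and can only answer "is this presented password correct?".
class VerifyOnlyAuthenticator:
    def __init__(self, user: str, password: str):
        self._user, self._salt = user, os.urandom(16)
        self._hash = self._kdf(password)

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   self._salt, 10_000)

    def authenticate(self, user: str, presented: str) -> bool:
        return user == self._user and hmac.compare_digest(
            self._kdf(presented), self._hash)

def demo() -> tuple:
    token = make_token("wsclient", "hello123", "2010-07-19T10:45:00Z")  # constructed
    auth = VerifyOnlyAuthenticator("wsclient", "hello123")
    return (verify_digest_with_cleartext(token),             # digest, clear-text lookup
            auth.authenticate("wsclient", "hello123"),       # PasswordText, verify-only
            auth.authenticate("wsclient", token["digest"]))  # digest, verify-only
```

With a verify-only backend the digest can never match, because recomputing it requires the original password as input.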

GoogleCodeExporter commented 9 years ago
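The customAuthenticationProvider has already been confirmed by other Spring Security projects.

The UTPasswordCallback is just testing stuff that contains the following code:

    package com.ray;

    import java.io.IOException;
    import java.util.HashMap;
    import java.util.Map;

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;

    // WSS4J 1.x package name (assumed; the import is not shown in the report)
    import org.apache.ws.security.WSPasswordCallback;

    public class UTPasswordCallback implements CallbackHandler {
        // Test credentials: user name -> clear-text password
        private final Map<String, String> passwords = new HashMap<String, String>();

        public UTPasswordCallback() {
            passwords.put("ray", "ray");
            passwords.put("wsclient", "hello123");
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
                String pass = passwords.get(pc.getIdentifier());
                if (pass != null) {
                    // Hand the clear-text password back to WSS4J
                    pc.setPassword(pass);
                    return;
                }
            }

            //
            // Password not found
            //
            throw new IOException();
        }
    }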

Original comment by raymond....@gmail.com on 19 Jul 2010 at 10:49

GoogleCodeExporter commented 9 years ago
Suggestion:

Would it be better to override WSS4JInInterceptor.handleMessage() than to override CallbackHandler.handle() to process the SS authentication?

Original comment by raymond....@gmail.com on 19 Jul 2010 at 10:52