How to pass values into UsernameTokenPasswordClientCallback

[arolfes]

Hi,

I followed you guide for WS-Security on the client side.
https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/dev/ws-security.html#ws-security-client

This is the outcome: https://github.com/arolfes/quarkus-soapclient-wss4j

But I needed to hardcode the username and password in UsernameTokenPasswordClientCallback.

My question is: How to inject a value from a properties file there?

[arolfes]

I think I solved the problem. But I want to know if this is a proper way to do it.

I use the org.eclipse.microprofile.config.ConfigProvider.getConfig().getValue("PROPERTY_KEY", ClassType) Method.

so my code is now:

import javax.security.auth.callback.Callback
import javax.security.auth.callback.CallbackHandler
import org.apache.wss4j.common.ext.WSPasswordCallback
import org.eclipse.microprofile.config.ConfigProvider

class UsernameTokenPasswordClientCallback : CallbackHandler {

    override fun handle(callbacks: Array<out Callback>) {
        val username = ConfigProvider.getConfig().getValue(WSS4J_USERNAME_PROP_KEY, String::class.java)
        val password = ConfigProvider.getConfig().getValue(WSS4J_PASSWORD_PROP_KEY, String::class.java)
        val wpc = callbacks[0] as WSPasswordCallback
        if (wpc.identifier == username) {
            wpc.password = password
        }
    }

    companion object {
        private const val WSS4J_USERNAME_PROP_KEY = "wss4j.username"
        private const val WSS4J_PASSWORD_PROP_KEY = "wss4j.password"
    }

}

[shumonsharif]

Hey @arolfes What you put together is one way to do it. I think a slightly cleaner approach may be to:

• Mark your UsernameTokenPasswordClientCallback class with @Singleton and @Startup - this will make it a CDI bean that gets initialized at startup, and this will also allow you to inject config values in the class.
• Inject an instance of your new bean, and use PW_CALLBACK_REF instead of PW_CALLBACK_CLASS:

        @Inject
        UsernameTokenPasswordClientCallback utpcc;

        outProps.put(ConfigurationConstants.PW_CALLBACK_REF, utpcc);

I did not test this, but I believe it should work - let us know in case you have try it and have some success.

[arolfes]

Hi @shumonsharif ,

thank you for your reply. Very helpful and exactly I was looking for.

so I changed my code to the following and it's still working :-)

import io.quarkus.runtime.Startup
import javax.inject.Singleton
import javax.security.auth.callback.Callback
import javax.security.auth.callback.CallbackHandler
import org.apache.wss4j.common.ext.WSPasswordCallback
import org.eclipse.microprofile.config.inject.ConfigProperty

@Singleton
@Startup
class UsernameTokenPasswordClientCallback(
    @ConfigProperty(name = "wss4j.username") val username: String,
    @ConfigProperty(name = "wss4j.password") val password: String
) : CallbackHandler {

    override fun handle(callbacks: Array<out Callback>) {
        val wpc = callbacks[0] as WSPasswordCallback
        if (wpc.identifier == username) {
            wpc.password = password
        }
    }
}

and the configuriation for the wss4jinterceptor looks like this:

    @ConfigProperty(name = "wss4j.username")
    lateinit var wss4jUsername: String

    @Inject
    lateinit var usernameTokenPasswordClientCallback: UsernameTokenPasswordClientCallback

    @Produces
    fun getWSS4JOutInterceptor(): WSS4JOutInterceptor {
        val outProps: MutableMap<String, Any> = mutableMapOf(
            ConfigurationConstants.ACTION to WSHandlerConstants.USERNAME_TOKEN,
            ConfigurationConstants.PASSWORD_TYPE to WSConstants.PW_TEXT,
            ConfigurationConstants.PW_CALLBACK_REF to usernameTokenPasswordClientCallback,
            ConfigurationConstants.USER to wss4jUsername
        )
        return WSS4JOutInterceptor(outProps)
    }

[gituharish]

I was excited seeing this discussion as i had tried to get this callback handler configurable but did not get anywhere. Based on the answer marked here, i tried replicating the implementation but is still not fruitful. Could anybody help me find out what i missing out in this implementation?

https://github.com/gituharish/quarkus-cxf-wss/blob/master/src/main/java/io/quarkiverse/it/cxf/UsernameTokenPasswordServerCallback.java

config params does not get loaded as appProperties injected is null in my case.

java.lang.NullPointerException: Cannot invoke "io.quarkiverse.it.cxf.properties.AppProperties.username()" because "this.appProperties" is null
at io.quarkiverse.it.cxf.UsernameTokenPasswordServerCallback.(UsernameTokenPasswordServerCallback.java:28)

[arolfes]

Hi @gituharish ,

the appProperties are null during default constructor execution because inject is called afterwards.

pass the appProperties as parameter into the constructor

try this:

public class UsernameTokenPasswordServerCallback implements CallbackHandler {

    public Map<String, String> passwords = new HashMap();

    public UsernameTokenPasswordServerCallback(AppProperties appProperties) {
        this.passwords.put(appProperties.username(), appProperties.password());
//        this.passwords.put("testuser", "testpwd");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        .
        .
        .
    }
}

[gituharish]

Works like a charm! Thankyou @arolfes :)