axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Schroebler" <>
Subject AW: [Axis2] UsernameToken Authentication in Rampart
Date Fri, 16 Mar 2007 10:57:27 GMT
Thanks Ruchith, now it works with PasswordDigest!

Best Regards,

-----Ursprüngliche Nachricht-----
Von: Ruchith Fernando [] 
Gesendet: Freitag, 16. März 2007 09:01
Betreff: Re: [Axis2] UsernameToken Authentication in Rampart

Hi Sven,

When using password digest mechanism the authentication is carried out
by Rampart. At the callback handler you are expected to set the
password in the WSPasswordCallback instance passed into the callback
handler. This password value will be used by Rampart to generate the
digest value and compare with the value in the incoming username


On 3/14/07, Sven Schroebler <> wrote:
> Hello everybody,
> how can I access the password that was submitted in the PasswordDigest
> a UsernameToken to authenticate a username/password?
> I am using UsernameToken authentication to secure my webservice (Axis2
> with Rampart 1.1). I configured the client for Outflow-Security and the
> server for Inflow-Security. After calling the webservice from the client,
> when the callbackhandler of the service on the server is called, the
> WSPasswordCallback-Instance only contains the username of the Token, not
> password (although present in the SOAP-Header).
> In contrast to that I can access the password in the service's
> callbackhandler if I switch the PasswordType to "PasswordText" on the
> side (in plain text of course).
> Is it possible at all to authenticate against the submitted password
> Why does the WSPasswordCallback not cotain the value of "PasswordDigest",
> nor the password? I would prefer using PasswordDigest authentication
> than using PasswordText.
> I would greatly appreciate, if someone could give me a hint or a pointer
> more detailed information. The only information I found is this:
> [1] -
> [2] -
> Best Regards,
> Sven
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message