axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Schroebler" <sven.schroeb...@uni-muenster.de>
Subject AW: [Axis2] UsernameToken Authentication in Rampart
Date Fri, 16 Mar 2007 10:57:27 GMT
Thanks Ruchith, now it works with PasswordDigest!

Best Regards,
Sven

-----Ursprüngliche Nachricht-----
Von: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Gesendet: Freitag, 16. März 2007 09:01
An: axis-user@ws.apache.org
Betreff: Re: [Axis2] UsernameToken Authentication in Rampart

Hi Sven,

When using password digest mechanism the authentication is carried out
by Rampart. At the callback handler you are expected to set the
password in the WSPasswordCallback instance passed into the callback
handler. This password value will be used by Rampart to generate the
digest value and compare with the value in the incoming username
token.

Thanks,
Ruchith

On 3/14/07, Sven Schroebler <sven.schroebler@uni-muenster.de> wrote:
> Hello everybody,
>
> how can I access the password that was submitted in the PasswordDigest
from
> a UsernameToken to authenticate a username/password?
>
> I am using UsernameToken authentication to secure my webservice (Axis2
1.1.1
> with Rampart 1.1). I configured the client for Outflow-Security and the
> server for Inflow-Security. After calling the webservice from the client,
> when the callbackhandler of the service on the server is called, the
> WSPasswordCallback-Instance only contains the username of the Token, not
the
> password (although present in the SOAP-Header).
>
> In contrast to that I can access the password in the service's
> callbackhandler if I switch the PasswordType to "PasswordText" on the
client
> side (in plain text of course).
>
> Is it possible at all to authenticate against the submitted password
digest?
> Why does the WSPasswordCallback not cotain the value of "PasswordDigest",
> nor the password? I would prefer using PasswordDigest authentication
rather
> than using PasswordText.
>
> I would greatly appreciate, if someone could give me a hint or a pointer
to
> more detailed information. The only information I found is this:
>
> [1] - http://wso2.org/library/240
> [2] - http://wso2.org/library/234
>
>
>
> Best Regards,
> Sven
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>


-- 
www.ruchith.org
www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message