axis-java-user mailing list archives

From "Shah, Sumit (CGI Federal)" <Sumit.S...@cgifederal.com>
Subject Rampart and WSS4J 1.6.x - USERNAME_TOKEN validation in Rampart WS-Password Callback Handler
Date Tue, 05 Mar 2013 20:48:02 GMT
WSS4J 1.6.x deprecated the use of WSPasswordCallback.USERNAME_TOKEN_UNKNOWN (http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html),
which was one of the methods to validate the plain text passwords on the server side (@see
Rampart Policy Sample01). Now, because of the deprecation, it does not seem to be possible
to validate a plaintext password, especially when the server side callback handler does not
have access to the plain text password to validate against the password on the incoming request.
It seems like CXF has a way to plug in custom validators for WSS4J 1.6.x to support this model
(http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html).

I would appreciate any thoughts from the community. Maybe I am missing something.

Thanks
Sumit
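
Added example, not part of the original message and not Rampart, CXF or WSS4J project code: one way to write the kind of custom validator the message refers to, for a server that stores only salted password hashes. It subclasses WSS4J 1.6.x's `UsernameTokenValidator`; the class name, the `Record` type and the in-memory store are hypothetical, and registering the validator with Rampart or CXF is not shown.

```java
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

// Hypothetical validator: checks a PasswordText UsernameToken against a stored PBKDF2 hash.
public class HashedPasswordValidator extends UsernameTokenValidator {
    // Hypothetical stored credential; a real service would load this from its user store.
    public static final class Record {
        final byte[] salt, hash; final int iterations;
        public Record(byte[] salt, byte[] hash, int iterations) {
            this.salt = salt; this.hash = hash; this.iterations = iterations;
        }
    }

    private final Map<String, Record> store = new ConcurrentHashMap<String, Record>();
    public void register(String user, Record record) { store.put(user, record); }

    // Derives the 256-bit hash that is stored at enrolment and recomputed on each request.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // WSS4J 1.6.x calls this for PasswordText tokens; the default asks the callback for a plaintext.
    @Override
    protected void verifyPlaintextPassword(UsernameToken token, RequestData data)
            throws WSSecurityException {
        String user = token.getName();
        String supplied = token.getPassword();
        Record rec = (user == null) ? null : store.get(user);
        boolean ok = false;
        if (rec != null && supplied != null) {
            try {
                byte[] candidate = pbkdf2(supplied.toCharArray(), rec.salt, rec.iterations);
                ok = MessageDigest.isEqual(candidate, rec.hash); // constant-time comparison
            } catch (Exception e) {
                // Any crypto failure is treated as an authentication failure.
            }
        }
        if (!ok) {
            throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
        }
    }
}
```

PasswordDigest tokens still go through `verifyDigestPassword`, which needs the plaintext from the callback handler, so this covers PasswordText only; such tokens should travel over TLS or inside an encrypted message.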
