axis-java-user mailing list archives

From Tania Marinova <taniamm2...@yahoo.com>
Subject how to use stored password in a database which rampart should verify
Date Mon, 06 May 2013 14:52:19 GMT
Hello, I've made an Axis2 web service which stores the user's hashed password in a database.
So it's obvious that I should add some kind of security to my web service, so I use Rampart!



But it's written that in a real application, you'd naturally
want to use some other mechanism (such as a database or an external
security mechanism) to verify the username and password combination.
So it seems that I can't understand how to make the implementation - so I will hash the password
with salt and store it in a database, and then I don't know what to do next.
Could you recommend the steps?

So you will see that in my request from JavaScript the password is also seen, so it seems that
this should also be changed!

Thank you in advance!


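And here is my password callback class:

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PWCBHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            // When the server side needs to authenticate the user
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            if (pwcb.getIdentifier().equals("bob")) {
                pwcb.setPassword("bobPW");
            }
        }
        // When the client requests for the password to be added in to the
        // UT element
    }
}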

And here is the request from JavaScript:


------------------------------------------------------------

 
 
var xmlhttp = new XMLHttpRequest();

// `xml` (the payload placed in <nlo:data>) is built elsewhere on the page.
var sr =
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
    "<soapenv:Envelope " +
    "xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
    "xmlns:nlo=\"http://nlo\">" +
    "<soapenv:Header>" +
    '<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" soapenv:mustUnderstand="1">' +
    '<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123">' +
    '<wsse:Username>bob</wsse:Username>' +
    '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>' +
    '</wsse:UsernameToken>' +
    '</wsse:Security>' +
    "</soapenv:Header>" +
    "<soapenv:Body>" +
    "<nlo:InsertIntoDB>" +
    '<nlo:data>' + xml + '</nlo:data>' +
    ' </nlo:InsertIntoDB>' +
    '</soapenv:Body>' +
    '</soapenv:Envelope>';

xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
        if (xmlhttp.status == 200) {
            alert(xmlhttp.responseText);
        }
    }
};

// Send the POST request
xmlhttp.open('POST', 'http://localhost:8080/axis2/services/hash_pass_security?wsdl', true);
xmlhttp.setRequestHeader('Content-Type', 'text/xml');
xmlhttp.send(sr);
// send request
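
An added example, not part of the original message and not Rampart or WSS4J code: one way to do the "hash with salt, store, then verify" step the message asks about, with a per-user random salt, PBKDF2 and a constant-time comparison. It fits only the #PasswordText token type used in the request above, because the server must see the clear-text password to re-derive the hash, so the request has to travel over HTTPS. The class name, the iteration count and the in-memory map standing in for the database table are assumptions; Java 8 or later is assumed.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper (not a Rampart or WSS4J class): stores salted PBKDF2
// hashes and checks the plain-text password taken from a UsernameToken.
public class SaltedPasswordStore {
    private static final int ITERATIONS = 210_000; // assumed work factor
    private static final int KEY_BITS = 256;
    // Stand-in for the database table: username -> "iterations:salt:hash"
    private final Map<String, String> table = new HashMap<>();

    private static byte[] pbkdf2(char[] pw, byte[] salt, int iter) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // Registration: fresh random salt per user; only the derived hash is kept.
    public void register(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        table.put(user, ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(password, salt, ITERATIONS)));
    }

    // Verification: re-derive with the stored salt, compare in constant time.
    public boolean verify(String user, char[] presented) throws Exception {
        String row = table.get(user);
        if (row == null) return false; // unknown user
        String[] f = row.split(":");
        byte[] salt = Base64.getDecoder().decode(f[1]);
        byte[] expected = Base64.getDecoder().decode(f[2]);
        byte[] actual = pbkdf2(presented, salt, Integer.parseInt(f[0]));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        SaltedPasswordStore store = new SaltedPasswordStore();
        store.register("bob", "bobPW".toCharArray()); // constructed sample user
        System.out.println(store.verify("bob", "bobPW".toCharArray()));
        System.out.println(store.verify("bob", "wrong".toCharArray()));
    }
}
```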