axis-java-user mailing list archives

From juergen sorg <j.s...@fz-juelich.de>
Subject Re: axis2 rampart
Date Fri, 12 Dec 2014 14:46:50 GMT
hi joerg,

thanks for your reply.


but this does not work for me, because pwcb.getPassword() always returns 
null when usage is WSPasswordCallback.USERNAME_TOKEN. In this case you 
have to set the password with pwcb.setPassword(pw) and rampart compares 
this password with the transmitted password (but this does not work 
because the active directory transfers no passwords)

i thought there is an option in rampart to provide the transmitted 
password within the callbackhandler

regards, juergen

On 12/12/14 15:04, wp11034684-001 wrote:
> Hi,
>
> it is quite simple to fetch the username/password from the WS-Security
> UserNameToken :
>
>
> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> public class PasswordCBHandler
>               implements CallbackHandler
> {
>    @Override
>    public void handle( Callback[] callbacks )
>                throws IOException, UnsupportedCallbackException
>    {
>       for( Callback cb : callbacks ) {
>          WSPasswordCallback pwcb = (WSPasswordCallback)cb;
>          // Only UsernameToken callbacks are handled here
>          if( (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN) ||
>              (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) )
>          {
>            String userid = pwcb.getIdentifier();
>            String pwd = pwcb.getPassword();
>
>            boolean isvalid = false;
>            // Do the authentication stuff here, leads to isvalid=true/false
>
>            // logInfo/logWarn are logging helpers that are not shown in this post
>            if( isvalid ) {
>                logInfo( "PasswordCBHandler.handle(): "+userid+" ok." );
>                return;
>            } else {
>                logWarn( "PasswordCBHandler.handle(): "+userid+" failed." );
>                throw new UnsupportedCallbackException(cb, "check failed");
>            }
>          }
>       }
>    }
> }
>
> And in services.xml of the webservices:
>
> <service name="SomeService" scope="application"
>                                  class="xx.yy.SomeService" >
>
>     <parameter name="useOriginalwsdl">true</parameter>
>     <parameter name="modifyUserWSDLPortAddress">true</parameter>
>      <!-- some other configurations -->
>
>      <!-- Authentication via WS-Security (Username-Token) -->
>      <module ref="rampart" />
>      <parameter name="InflowSecurity">
>          <action>
>             <items>UsernameToken</items>
>             <passwordCallbackClass>
>                   xx.yy.PasswordCBHandler
>             </passwordCallbackClass>
>          </action>
>      </parameter>
>
> </service>
>
>
> That should work, if rampart is activated in axis.xml.
>
> Cheers
> Jörg
>
>
>
>
>> On 12 December 2014 at 12:45, juergen sorg <j.sorg@fz-juelich.de>
>> wrote:
>>
>>
>> hi,
>>
>> i tried to authenticate soap service users against a microsoft active
>> directory.
>> is it possible within the CallbackHandler to get the password provided
>> by the user within the soap message?
>>
>> i read something about getUsage==USERNAME_TOKEN_UNKNOWN but i do not know
>> the settings in rampart to get axis to call the callback in this way. (in
>> this case the password should be provided by WSPasswordCallback.getPassword)
>>
>> i also tried to get a MessageContext within the callback routine. but
>> this is not possible. the result of getCurrentMessageContext is null.
>>
>> thanks in advance
>>
>>
>> regards, juergen
>>
>>
>>
>>
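
One way to fill in the "Do the authentication stuff here" step against Active Directory, as an added example that is not code from either poster: an LDAP simple bind over LDAPS through JNDI. It assumes the handler has already been given the transmitted password (the point left open in this thread); the class name `AdBindAuthenticator`, the server URL and the UPN suffix are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/** Hypothetical helper: checks a username/password by an LDAP simple bind to Active Directory. */
public final class AdBindAuthenticator {
    private final String ldapsUrl;   // placeholder, e.g. "ldaps://dc.example.test:636"
    private final String upnSuffix;  // placeholder, e.g. "example.test"

    public AdBindAuthenticator(String ldapsUrl, String upnSuffix) {
        if (!ldapsUrl.startsWith("ldaps://")) {
            // A simple bind sends the password as clear text, so TLS is mandatory.
            throw new IllegalArgumentException("ldaps:// URL required");
        }
        this.ldapsUrl = ldapsUrl;
        this.upnSuffix = upnSuffix;
    }

    /** Returns true only if the directory accepted the bind for this user. */
    public boolean authenticate(String userid, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that the
        // server may accept, so reject it before contacting the directory.
        if (userid == null || password == null || password.isEmpty()) {
            return false;
        }
        // Accept only a plain account name; the domain part is fixed by configuration.
        if (!userid.matches("[A-Za-z0-9._-]{1,64}")) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userid + "@" + upnSuffix);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        try {
            new InitialDirContext(env).close();   // bind succeeded
            return true;
        } catch (AuthenticationException e) {
            return false;                         // wrong password, locked or unknown account
        }
        // Any other NamingException (directory unreachable, TLS failure) propagates,
        // so the caller fails closed instead of treating an outage as a valid login.
    }
}
```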


