axis-java-user mailing list archives

From Martin Gainty <mgai...@hotmail.com>
Subject RE: axis2 rampart
Date Fri, 12 Dec 2014 15:04:06 GMT

> Date: Fri, 12 Dec 2014 12:45:51 +0100
> From: j.sorg@fz-juelich.de
> To: java-user@axis.apache.org
> Subject: axis2 rampart
> 
> hi,
MG>Good day
> 
> I tried to authenticate SOAP service users against a Microsoft Active
> Directory.
> Is it possible within the CallbackHandler to get the password provided
> by the user within the SOAP message?
> 
> I read something about getUsage()==USERNAME_TOKEN_UNKNOWN but I do not know
> the settings in Rampart to get Axis to call the callback in this way. (In
> this case the password should be provided by WSPasswordCallback.getPassword().)
> 
> I also tried to get a MessageContext within the callback routine, but
> this is not possible: the result of getCurrentMessageContext() is null.
package org.apache.rampart;   // must match the passwordCallbackClass configured in the policy below

public class TestCBHandler implements javax.security.auth.callback.CallbackHandler {

    public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException {
        for (javax.security.auth.callback.Callback callback : callbacks) {
            if (callback instanceof org.apache.ws.security.WSPasswordCallback) {
                org.apache.ws.security.WSPasswordCallback pc =
                        (org.apache.ws.security.WSPasswordCallback) callback;
                /*
                 * This usage type is used only in case we received a
                 * username token with a password of type PasswordText or
                 * an unknown password type.
                 *
                 * In this case the WSPasswordCallback object contains the
                 * identifier (aka username), the password we received, and
                 * the password type string to identify the type.
                 *
                 * Here we perform only a very simple check.
                 */
                if (pc.getUsage() == org.apache.ws.security.WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                    // Both the identifier and the password must match, otherwise any
                    // password would be accepted for the default user. Defaults are
                    // "Username" / "Password".
                    if ("Username".equals(pc.getIdentifier())
                            && "Password".equals(pc.getPassword())) {
                        continue;   // this token is fine, look at the next callback
                    }
                    throw new javax.security.auth.callback.UnsupportedCallbackException(callback,
                            "check failed");
                }
            }
        }
    }
}
MG>then in your rampartConfig:
<wsp:Policy wsu:Id="5"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>UnencryptedUsername</ramp:user>
        <ramp:encryptionUser>Username</ramp:encryptionUser>
        <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>

        <ramp:signatureCrypto>
            <!-- merlin only supports keys < 1024b...if you want stronger go with bouncycastle -->
            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <!-- make sure the jks exists and the password for this jks matches the password below -->
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
                <!-- here is the password which must match the password from the above .jks -->
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">Password</ramp:property>
            </ramp:crypto>
        </ramp:signatureCrypto>
    </ramp:RampartConfig>
</wsp:Policy>
> 
> thanks in advance
> 
> 
> regards, Juergen
> 
MG>with kind regards
MG>Martin
> 
> 
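An added example, not from the original thread and not Rampart's or WSS4J's own code: a CallbackHandler that does what Juergen asks for, checking the plaintext UsernameToken password received in the SOAP message against Active Directory by binding to the directory as that user. It relies on the same callback contract as Martin's snippet above (usage USERNAME_TOKEN_UNKNOWN with the received password set on the WSPasswordCallback) and is wired in through the same ramp:passwordCallbackClass element. The class name, the LDAP URL and the UPN suffix are assumptions for the example.

```java
// Added example (not from the original message or from Rampart/WSS4J).
// Assumes WSS4J hands plaintext username tokens to the handler with usage
// USERNAME_TOKEN_UNKNOWN and pc.getPassword() holding the received password.
// LDAP_URL and UPN_SUFFIX are placeholders.
import java.io.IOException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class AdBindCallbackHandler implements CallbackHandler {

    // Placeholder values; use your domain controller and UPN suffix.
    // ldaps:// keeps the caller's password off the wire in clear text.
    private static final String LDAP_URL = "ldaps://dc1.example.invalid:636";
    private static final String UPN_SUFFIX = "@example.invalid";

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                // PasswordText token: the received password is on the callback,
                // so it can be verified against the directory.
                if (!bindAsUser(pc.getIdentifier(), pc.getPassword())) {
                    throw new UnsupportedCallbackException(callback, "check failed");
                }
            } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                // PasswordDigest tokens need the stored password, which AD never
                // discloses, so they cannot be verified this way. Fail clearly.
                throw new UnsupportedCallbackException(callback, "digest passwords not supported");
            }
            // Other usages (e.g. keystore passwords for signatureCrypto) are left
            // for the rest of the handler and not touched here.
        }
    }

    // Returns true only if the directory accepts a simple bind as this user.
    static boolean bindAsUser(String user, String password) {
        // An empty password turns a simple bind into an anonymous bind, which AD
        // accepts: without this check every account would log in with "".
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Only plain account names: "@", "\" or DN syntax could redirect the bind
        // to a different principal than the one the token claims.
        if (!user.matches("[A-Za-z0-9._-]+")) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind itself is the password check
            return true;
        } catch (NamingException e) {
            return false;                        // wrong password, unknown user or server error
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```

The handler only works for PasswordText tokens, for the reason the thread circles around: with a digest token the handler is expected to supply the stored password, and a directory that only offers bind-style verification cannot provide it. The empty-password and principal-syntax checks are the part most often forgotten in bind-based authentication and are what keeps the directory's own anonymous-bind behaviour from turning into an authentication bypass.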