cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Avijit <>
Subject WS-Security + Custom Authentication
Date Wed, 07 May 2014 22:09:40 GMT

I am trying to do Custom Authentication of UsernameToken in WS-Security. I have done the following:

1. Set ws-security.validate.token property in jaxws:endpoint to false
2. Created a custom authentication class, SoapLoginInterceptor by extending AbstractPhaseInterceptor<Message>
3. Configured SoapLoginInterceptor in jaxws:inInterceptors
4. In handleMessage(Message message) method of SoapLoginInterceptor I get the Username and
Password which are present in the SOAP message header
5. The password is PasswordDigest so I get the encrypted password in SoapLoginInterceptor

How can I use this encrypted password to compare with the actual password that I get from
the persistence store. Please help.

Thanks in advance.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message