cxf-users mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Re: Header Validation with Ws-Security
Date Wed, 28 Jan 2015 17:31:55 GMT


Definitely a strange use case. Normally, if the user cannot be validated, a fault would have
been raised, so if a fault isn't raised, then we know the user was validated and there is no need
for a strange header.

That said, an Interceptor on the "out" chain could look at the incoming message and add
an additional header if necessary.

Another note:

> <ns1:Security>true</ns1:Security>

would be completely invalid if ns1 is the wss-wssecurity-secext-1.0.xsd namespace. It would
have to have element content.

Dan



> On Jan 28, 2015, at 7:04 AM, sdm <swarnadeep.mandal@gmail.com> wrote:
> 
> I need to develop a web service using CXF and WS-Security, which I have done
> (standard recommendation), and it looks like:
> 
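> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> // WSS4J 2.x package; with WSS4J 1.x the class is org.apache.ws.security.WSPasswordCallback
> import org.apache.wss4j.common.ext.WSPasswordCallback;
>
> public class ServerPasswordCallback implements CallbackHandler {
>    @Override
>    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
>        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>
>        // Supply the expected password for the known user; WSS4J compares it with the token
>        if ("someusername".equals(pc.getIdentifier())) {
>            // Debug output only; this writes the password value to stdout
>            System.out.println("pc.getPassword() " + pc.getPassword());
>            pc.setPassword("somepassword");
>        }
>
>    }
> }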
> The issue is that the user validation result needs to be in the header.
> 
> 
> <SOAP-ENV:Envelope
>     xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>   <SOAP-ENV:Header>
>     <ns1:Security>true</ns1:Security>
>   </SOAP-ENV:Header>...........</SOAP-ENV:Envelope>
> 
> If I am not wrong, I need to validate the usertoken in some custom
> interceptor or modify the ServerPasswordCallback. How should I go about it
> and what could be the advantages? Apologies if anyone has already answered
> this. You can also direct me to the link. Thanks in advance.
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Header-Validation-with-Ws-Security-tp5753662.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
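
The "out" chain interceptor suggested in the reply above, sketched as an added example (not code from the thread or from the CXF project). The class name, the `urn:example:auth` namespace and the `AuthResult` element are hypothetical; an application namespace is used because text content inside `wsse:Security` would be schema-invalid, as the reply notes.

```java
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class AuthResultHeaderOutInterceptor extends AbstractSoapInterceptor {
    // Hypothetical application namespace and element name (assumptions, not from the thread).
    private static final QName AUTH_RESULT = new QName("urn:example:auth", "AuthResult", "auth");

    public AuthResultHeaderOutInterceptor() {
        super(Phase.PRE_PROTOCOL); // runs before the SOAP headers are serialized
    }

    @Override
    public void handleMessage(SoapMessage out) throws Fault {
        Message in = out.getExchange().getInMessage();
        if (in == null) {
            return; // no request is associated with this response
        }
        // The WS-Security in-interceptor places a SecurityContext on the request once
        // the UsernameToken has been validated. A failed validation raises a fault
        // instead, so the normal out chain (and this class) is never reached.
        SecurityContext sc = in.get(SecurityContext.class);
        if (sc == null || sc.getUserPrincipal() == null) {
            return; // endpoint reached without an authenticated principal: add nothing
        }
        try {
            Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            Element el = doc.createElementNS(AUTH_RESULT.getNamespaceURI(),
                    AUTH_RESULT.getPrefix() + ":" + AUTH_RESULT.getLocalPart());
            el.setTextContent("true");
            out.getHeaders().add(new Header(AUTH_RESULT, el));
        } catch (ParserConfigurationException e) {
            throw new Fault(e);
        }
    }
}
```

Register an instance on the endpoint's out interceptor list (`getOutInterceptors().add(...)`). Because rejected requests leave through the fault chain, a client can only ever see this header with the value `true`.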

