cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Header Validation with Ws-Security
Date Wed, 28 Jan 2015 15:12:24 GMT
Why does the user validation result need to be in the header? This is not
standard behaviour.

Colm.

On Wed, Jan 28, 2015 at 12:04 PM, sdm <swarnadeep.mandal@gmail.com> wrote:

> I need to develop webservice using cxf and WS-security which i have done
> (standard recommendation)and looks like
>
> public class ServerPasswordCallback implements CallbackHandler {
>     public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
>         WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>
>         if ("someusername".equals(pc.getIdentifier())) {
>             System.out.println("pc.getPassword() " + pc.getPassword());
>             pc.setPassword("somepassword");
>         }
>
>     }
> }
> The issue is that the user validation result needs to be in the header.
>
>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
> wss-wssecurity-secext-1.0.xsd" >
> <SOAP-ENV:Header>
> <ns1:Security>true</ns1:Security>
> </SOAP-ENV:Header>...........</SOAP-ENV:Envelope>
>
> If i am not wrong that I need to validate the usertoken in some custom
> interceptor or modify the ServerPasswordCallback.How should i go about it
> and what could be the advantages? Apologies if anyone has already answered
> this.You can also direct me to the link.Thanks in advance.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Header-Validation-with-Ws-Security-tp5753662.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message