ws-fx-dev mailing list archives

From "Dittmann, Werner" <>
Subject AW: PasswordCallback exception messages
Date Wed, 27 Jul 2005 06:03:20 GMT

Well, at the level of the WSSecurityEngine we could add
the original exception that causes the WSSecurityException.

On the other hand, if you supply too much information
why a specific security check failed you may give a malicious
person who tries to attack your system additional info how to
proceed with the attack. Thus we decided to just say:
"no password for xyz". This does not give info if there is a
user "xyz" that has no password, or if there is a user "xyz" at 


> -----Original Message-----
> From: Steve Brunton [] 
> Sent: Tuesday, 26 July 2005 20:59
> To:
> Subject: PasswordCallback exception messages
> Had a co-worker writing some testing code against a SOAP service that I
> wrote that is protected with the WS-Security using a Timestamp and
> UsernameToken in the Security Header. As he was trying to debug his
> application he kept on telling me that he was getting an error of:
> WSSecurityEngine: Callback supplied no password for:
> even though he knew that a password was being supplied in the request
> and when we watched through the TCP Monitor sure enough it was there.
> In backtracking through it looks like that in the WSSecurityEngine it is
> catching the UnsupportedCallbackException that I throw in my
> PasswordCallbackHandler and not using the error message that I supply.
> If there is no user in the LDAP call I throw an
> UnsupportedCallbackException with a "noSuchUser" message. In the Engine
> on line 887 it catches that and then defaults to a "noPassword" message
> when it throws the WSSecurityException. Is this the planned operation or
> should it allow different error responses to flow back up the Exception
> chain?
> -- 
> Steve Brunton   <>  Phone: 404-885-2436
> Chief Engineer                               AOL IM : schitzo42
> CNN Internet Technologies         ICBM: 84W 23' 45" 33N 45' 29"
> <*> Borrow money from pessimists-they don't expect it back. <*>
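
The trade-off discussed in this thread, as an added example that is not part of either message and is not WSS4J code: the caller sees the same generic "no password for ..." text for every failure, while the handler's original exception is chained as the cause for server-side logs. `SecurityCheckException`, `USERS`, `HANDLER` and `lookupPassword` are hypothetical names, the in-memory map stands in for the LDAP lookup, and only JDK callback classes are used.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.*;

public class GenericAuthFailureDemo {
    // Hypothetical stand-in for WSSecurityException: generic message, cause attached.
    static class SecurityCheckException extends Exception {
        SecurityCheckException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Constructed user store standing in for the LDAP lookup described in the thread.
    static final Map<String, char[]> USERS = Map.of("alice", "s3cret".toCharArray());

    // Handler in the style described in the thread: "noSuchUser" for unknown names.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            PasswordCallback pc = (PasswordCallback) cb;
            char[] pw = USERS.get(pc.getPrompt()); // assumption: prompt carries the user name
            if (pw == null) throw new UnsupportedCallbackException(cb, "noSuchUser");
            pc.setPassword(pw);
        }
    };

    // Engine side: the caller-visible message is identical for every failure;
    // the handler's exception is chained so it can be logged on the server.
    static char[] lookupPassword(String user) throws SecurityCheckException {
        PasswordCallback pc = new PasswordCallback(user, false);
        try {
            HANDLER.handle(new Callback[] { pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new SecurityCheckException("no password for " + user, e);
        }
        return pc.getPassword();
    }

    public static void main(String[] args) {
        for (String user : new String[] { "alice", "mallory" }) {
            try {
                lookupPassword(user);
                System.out.println(user + ": password supplied");
            } catch (SecurityCheckException e) {
                // Detail stays in the server log; the fault text stays generic.
                System.err.println("server log detail: " + e.getCause().getMessage());
                System.out.println("fault to client: " + e.getMessage());
            }
        }
    }
}
```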
