Hi,
Yes ... you are on the right track as for the usage of the password callback.
I will explain how to handle your case specifically:
You will have to create a ServiceClient (or use stub) in the web
application and call the web service. And the configuration context
used for this client will have to be created using a repository with
the "rampart" module in it. This repository can be anywhere that is
accessible by the client/stub in the web app.
You must also provide an axis2.xml file when creating the above
configuration context that is to be used by the client. This axis2.xml
will contain the security configuration and it should appear as shown
below:
    <module ref="rampart" />
    <parameter name="OutflowSecurity">
      <action>
        <items>UsernameToken</items>
        <passwordCallbackClass>your.password.CallbackHandlerClass</passwordCallbackClass>
        <passwordType>PasswordText</passwordType>
      </action>
    </parameter>
Usually we will have a <user>yourusrname</user> child element within
the <action> element. But in this case we are leaving it out since
your client will have to deal with different usernames.
At the point when your client is called you will have the
username that you want to include in the UsernameToken. Now you will
have to set that username as a parameter in the options object of the
service client or the stub.
In the case of ServiceClient you can do the following:
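    // Build the configuration context from the client repository (the one
    // with the "rampart" module) and the axis2.xml holding the security config
    ConfigurationContext yourConfCtx = ConfigurationContextFactory
            .createConfigurationContextFromFileSystem(
                    "path/to/your/repo", "path/to/your/axis2.xml");
    ServiceClient serviceClient = new ServiceClient(yourConfCtx, null);
    Options options = new Options();
    //Set the 'user' property
    options.setProperty("user", yourUserName);
    serviceClient.setOptions(options);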
In the case of a stub you can do the same by getting the options
object from the stub instance itself.
The inclusion of the
    <passwordType>PasswordText</passwordType>
child element in the <action> element ensures the password is sent as
a plain text password. If you want to send the digest of the password
(and the nonce etc., according to the UT profile), you can simply
remove this element.
Assuming the webapp already has the knowledge of the passwords of a
given username you can simply code the
your.password.CallbackHandlerClass (mentioned in your configuration in
the client's axis2.xml) to set the appropriate password in the
WSPasswordCallback objects passed into the callback handler.
If you have a web client sending both username and password to the
webapp, and you have to set _both_ the username and password that you
_received_ in the UsernameToken, then you can remove the
    <passwordCallbackClass>your.password.CallbackHandlerClass</passwordCallbackClass>
entry from the security config and set an instance of the callback
handler class in the options object as shown below:
    options.setProperty("passwordCallbackRef", pwCallbackHandlerInstance);
Since in the above case we are creating the pwCallbackHandlerInstance
in the client code itself once we have both password and the username,
you can make sure it sets the correct password in the callback instance
provided into the handler.
That's it :-) ... please try out the above scenarios.
I know above configurations look a little bit messy and there _is_
another cleaner way to set the configuration completely dynamically
using
org.apache.axis2.security.handler.config.InflowConfiguration
org.apache.axis2.security.handler.config.OutflowConfiguration
But in the next release of the "rampart" module these classes will be
refactored into the "org.apache.rampart.handler.config" package. This
will also require you to have the axis2-security-SNAPSHOT.jar [1] in
the classpath.
If you are interested please have a look at [2] for a sample usage of
org.apache.axis2.security.handler.config.OutflowConfiguration and
please ask if you have any questions :-)
Thanks,
Ruchith
[1] http://cvs.apache.org/dist/axis2/nightly
[2] http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/Scenario1Test.java
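
An added example, not part of the original message or of the Axis2/Rampart code: a callback handler for the per-request case described above, where the webapp already holds both the username and the password and passes the handler instance through "passwordCallbackRef". The class name PerRequestPasswordCallback is hypothetical; WSPasswordCallback is assumed to be the WSS4J class of that era, whose accessor is spelled getIdentifer() (later WSS4J releases add getIdentifier()).

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Supplies the password for exactly one user's outgoing UsernameToken.
 * Create one instance per call and register it next to the 'user' property:
 *
 *   options.setProperty("user", userName);
 *   options.setProperty("passwordCallbackRef",
 *           new PerRequestPasswordCallback(userName, password));
 */
public class PerRequestPasswordCallback implements CallbackHandler {

    private final String userName;
    private final String password;

    public PerRequestPasswordCallback(String userName, String password) {
        if (userName == null || password == null) {
            throw new IllegalArgumentException("userName and password are required");
        }
        this.userName = userName;
        this.password = password;
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // Answer only when the password is wanted for a UsernameToken,
            // not for signature or decryption key access.
            if (pwcb.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                throw new UnsupportedCallbackException(pwcb, "Unexpected usage");
            }
            // Refuse to hand this user's password out for any other
            // identifier (assumed WSS4J 1.5-era spelling: getIdentifer()).
            if (!userName.equals(pwcb.getIdentifer())) {
                throw new UnsupportedCallbackException(pwcb, "Unknown user");
            }
            pwcb.setPassword(password);
        }
    }
}
```

Because the handler is tied to a single username, a mismatch between the 'user' property and the credentials it was built with fails the call instead of sending one user's password under another user's name.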
On 5/10/06, Arjuna Chala <[EMAIL PROTECTED]> wrote:
Ruchith,
Thanks for your reply. I checked out the sample that you were
referring to. From studying the sample I could infer that I have to do
the following:
First, about my architecture:
Web client (browser) calls web app ----> web app (war) calls web
service ---> Axis Service
My requirement is to be able to pass in the user credentials (can
change on every call) from the web app to the web service. For now,
all that I need is user authentication based on the WS-Security
usernametoken.
From your example, I understand that I have to create a Password
callback class and initialize the user name and password in this
class. Do you think I am on the right track here? Also, how should I
be configuring the client repository in my web app?
On 5/10/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Please have a look at the "security" sample available in the
> "samples/security" directory of std-bin distribution.
>
> The samples/security/client_repo/conf/axis2.xml file contains the
> client's configuration and the service's configuration is in the
> services.xml file available in the META-INF dir of the
> SecureService.aar
>
> Thanks,
> Ruchith
>
> On 5/10/06, Arjuna Chala <[EMAIL PROTECTED]> wrote:
> > I am having a hard time understanding the client configuration for creating
> > a WS-Security header for a web service stub call. Can somebody please point
> > me to a place where I can find a concrete example of how to create a client
> > stub that is ws-security enabled.
>