Hi Sathija, As it is explained in the first section of [1] when you use PasswordDigest mechanism you will have to *supply* the actual password for WSS4J to compute the digest and then compare with the incoming digest value. Therefore in this case the password will not be available in the callback handler. The plain text case and the digest case are different from each other in this aspect and in the plain text case you do get the password for you to carryout authentication in the way you prefer, as for the requirements of password storage mechanisms of the service.
Thanks, Ruchith [1] http://www.wso2.net/2006/08/15/rampart-ut-auth On 11/29/06, Sathija Pavuluri <[EMAIL PROTECTED]> wrote:
Hello, I've previously used Rampart to authenticate my web service client using cleartext password as described in this article: http://www.wso2.net/2006/08/15/rampart-ut-auth I am now trying to use PasswordDigest and running into issues. In my service impl, I have a PasswordCallbackHandler that has some custom authentication. (I basically pass off the credentials to a tomcat realm to authenticate the ws client). This worked previously when the password was in clear text. The WSPasswordCallback's getPassword() returned the plain text password. But with the digested password, the getPassword() returns me null. I am using a nightly from the last days of 1.0. I've read the 1.1 Rampart documentation on Axis2 site and what was described was significantly different from what was listed in this article I mentioned above. In any case, the 1.1 doc doesnt even talk about the PasswordDigest and PasswordText types. Has a lot of this been revamped? Thanks, Sathija. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
