Thanks Ruchith, now it works with PasswordDigest! Best Regards, Sven
-----Ursprüngliche Nachricht----- Von: Ruchith Fernando [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 16. März 2007 09:01 An: [email protected] Betreff: Re: [Axis2] UsernameToken Authentication in Rampart Hi Sven, When using password digest mechanism the authentication is carried out by Rampart. At the callback handler you are expected to set the password in the WSPasswordCallback instance passed into the callback handler. This password value will be used by Rampart to generate the digest value and compare with the value in the incoming username token. Thanks, Ruchith On 3/14/07, Sven Schroebler <[EMAIL PROTECTED]> wrote: > Hello everybody, > > how can I access the password that was submitted in the PasswordDigest from > a UsernameToken to authenticate a username/password? > > I am using UsernameToken authentication to secure my webservice (Axis2 1.1.1 > with Rampart 1.1). I configured the client for Outflow-Security and the > server for Inflow-Security. After calling the webservice from the client, > when the callbackhandler of the service on the server is called, the > WSPasswordCallback-Instance only contains the username of the Token, not the > password (although present in the SOAP-Header). > > In contrast to that I can access the password in the service's > callbackhandler if I switch the PasswordType to "PasswordText" on the client > side (in plain text of course). > > Is it possible at all to authenticate against the submitted password digest? > Why does the WSPasswordCallback not cotain the value of "PasswordDigest", > nor the password? I would prefer using PasswordDigest authentication rather > than using PasswordText. > > I would greatly appreciate, if someone could give me a hint or a pointer to > more detailed information. The only information I found is this: > > [1] - http://wso2.org/library/240 > [2] - http://wso2.org/library/234 > > > > Best Regards, > Sven > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
