Re: How to stop calling PWCallback logic for authentication using SecureConversation

Wed, 23 Jan 2008 08:29:24 -0800 

How to stop calling PWCallback logic for authentication using 
SecureConversationthat depends on the the presence of your sc-configuration 
parameter for your defined service..which should look something like

    <parameter xmlns="" name="sc-configuration">
  <sc-configuration xmlns="">
   <scope xmlns="">service</scope>
   <passwordCallbackClass 
xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
   <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
  </sc-configuration>
    </parameter>

Regards/
Martin-
  ----- Original Message ----- 
  From: Bhushan Gupte 
  To: [email protected] 
  Sent: Wednesday, January 23, 2008 10:22 AM
  Subject: How to stop calling PWCallback logic for authentication using 
SecureConversation 


  I am trying to implement WS-SecureConversation as defined in Rampart's 
"\policy\sample04" example in the samples directory of the rampart-1.3

  release. 

  The client sends multiple SOAP messages to the server[1].  The messages are 
authenticated using the UsernameToken in PWCallback class.

  Now my question is that every time I send a SOAP message the authentication 
logic in PWCallback class[2] is also executed for every request.

  Is there a way to identify that all the subsequent 
messages("client.sendReceive") are from the same session so that the 
authentication will happen only once by calling the PWCallback handler class 
only once?  Is there a way to identify that all messages are from session in 
the Callback Handler(PWCallback.java)? 

  In real project scenario the PWCallback class will contain calls to LDAP for 
authentication and the whole purpose we are trying to implement 
WS-SecureConversation in addition to WS-Security is that we can to Secure 
Conversation between messages and not have to do LDAP authentication for every 
message. Any help is highly appreciated.

  Thanks in advance.



  Bhushan Gupte


   [1]        OMElement response = client.sendReceive(getPayload("Hello 

  world1"));

          System.out.println("Response 1 : " + response);

          response = client.sendReceive(getPayload("Hello world2"));

          System.out.println("Response 2 : " + response);

          response = client.sendReceive(getPayload("Hello world3"));

          System.out.println("Response 3 : " + response);


  [2]        for (int i = 0; i < callbacks.length; i++) {

              WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

              String id = pwcb.getIdentifer();

              if("client".equals(id)) {

                  pwcb.setPassword("apache");

              } else if("service".equals(id)) {

                  pwcb.setPassword("apache");

              }

          }

Reply via email to