Hello,
I met a problem with security. I want to use it in my WS.
Here is my endpoint coinfiguration:
<jaxws:endpoint id="SD_Users"
implementor="SD.services.Users"
address="/SD_Users">
<jaxws:inInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordCallbackClass"
value="SD.util.Secure"/>
<entry key="passwordType" value="PasswordText"/>
</map>
</property>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
and this is my callback:
public class Secure implements CallbackHandler
{
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException
{
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (pc.getIdentifer().equals("joe") )
{
// set the password on the callback. This will be compared
to the
// password which was sent from the client.
pc.setPassword("password");
}
}
}
The problem is method from WS is invoked even if i pass user:'aaa'
without password.
What I'm doing wrong?
