Hi I would like to start a discussion on extending the usage of a ClientCallbackHandler.
Currently the username for a a service consumer is rather static configured via ws-security.username property. This works great for situations where a user is fixed assigned to a service-consumer. But if different users call the same service consumer, it would be great, if these user-information could be dynamically forwarded to the service. Surely one way to do this (the recommended way) would be via ActAs or OnBehalfOf Token / CallbackHandler. But this works only, if the sts server can handle these token. In situations, where the sts server can not handle delegated identities, the usual ws-security authentication token could be used instead. In my case a UsernamePassword Token should contain credentials from the person that calls my cxf client. Via CallbackHandler it is easy to pass the password along, but the username will always be taken from the (spring config) property. As far as I can see, there would be to methods within cxf that could be updatet to use the Username provided via a CallbackHandler instead of using the ws-security.username property. This would be: * org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder#addUsernameToken(UsernameToken token) * org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor#addUsernameToken(SoapMessage message, UsernameToken token) Instead of calling utBuilder.setUserInfo(userName, password); with the username from String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME); the callback handler should be called to provide both username and password. The username from ws-security.username property would still be the initial (default) value, and only of the callbackhandler changes the username the WSSecUsernameToken would contain another username. I hope I was able to transfer my thoughts via text ;-) What are your thoughts about my proposal? -- View this message in context: http://cxf.547215.n5.nabble.com/Changing-username-via-Callback-Handler-tp5051891p5051891.html Sent from the cxf-dev mailing list archive at Nabble.com.
