Rebecca Searls created CXF-5519:
-----------------------------------
Summary: Setting SecurityConstants.STS_TOKEN_ACT_AS as
CallbackHander requires better documentation.
Key: CXF-5519
URL: https://issues.apache.org/jira/browse/CXF-5519
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Affects Versions: 2.7.8, 3.0.0-milestone1
Reporter: Rebecca Searls
Using: cxf-tr-ws-security-2.7.8
The current documentation states that SecurityConstants.STS_TOKEN_ACT_AS
declared with "a CallbackHandler object to use to obtain the token"
A very specific CallbackHandler implementation is required. It MUST be
an implementation that supports processing DelegationCallback as input and
generating a org.w3c.dom.Element.
Existing examples are
org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler
The code in org.apache.cxf.ws.security.trust.AbstractSTSClient requires this.
814 DelegationCallback callback = new DelegationCallback(message);
815 ((CallbackHandler)delegationObject).handle(new Callback[]{callback});
816 return callback.getToken();
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
