Rebecca Searls created CXF-5521:
-----------------------------------
Summary: Setting SecurityConstants.STS_TOKEN_ON_BEHALF_OF as
CallbackHander requires better documentation.
Key: CXF-5521
URL: https://issues.apache.org/jira/browse/CXF-5521
Project: CXF
Issue Type: Improvement
Components: Documentation
Affects Versions: 2.7.8, 3.0.0-milestone1
Reporter: Rebecca Searls
Using: cxf-tr-ws-security-2.7.8
The current documentation states that SecurityConstants.STS_TOKEN_ON_BEHALF_OF
declared with "a CallbackHandler object to use to obtain the token"
A very specific CallbackHandler implementation is required. It MUST be
an implementation that supports processing DelegationCallback as input and
generating a org.w3c.dom.Element.
Existing examples are
org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler
The code in org.apache.cxf.ws.security.trust.AbstractSTSClient requires this.
814 DelegationCallback callback = new DelegationCallback(message);
815 ((CallbackHandler)delegationObject).handle(new Callback[]{callback});
816 return callback.getToken();
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
