[
https://issues.apache.org/jira/browse/CXF-5519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated CXF-5519:
-------------------------------------
Fix Version/s: 2.7.9
2.6.12
3.0.0-milestone2
> Setting SecurityConstants.STS_TOKEN_ACT_AS as CallbackHander requires better
> documentation.
> -------------------------------------------------------------------------------------------
>
> Key: CXF-5519
> URL: https://issues.apache.org/jira/browse/CXF-5519
> Project: CXF
> Issue Type: Improvement
> Components: Documentation, JAX-RS Security
> Affects Versions: 3.0.0-milestone1, 2.7.8
> Reporter: Rebecca Searls
> Assignee: Colm O hEigeartaigh
> Fix For: 3.0.0-milestone2, 2.6.12, 2.7.9
>
>
> Using: cxf-tr-ws-security-2.7.8
> The current documentation states that SecurityConstants.STS_TOKEN_ACT_AS
> declared with "a CallbackHandler object to use to obtain the token"
> A very specific CallbackHandler implementation is required. It MUST be
> an implementation that supports processing DelegationCallback as input and
> generating a org.w3c.dom.Element.
>
> Existing examples are
> org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
> org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler
>
> The code in org.apache.cxf.ws.security.trust.AbstractSTSClient requires this.
> 814 DelegationCallback callback = new DelegationCallback(message);
> 815 ((CallbackHandler)delegationObject).handle(new Callback[]{callback});
> 816 return callback.getToken();
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
