Hi Brian assuming rampart implements this configuration: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="1"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp-12468716"> <wsu:Created>2008-06-23T13:17:13.841Z</wsu:Created> <wsu:Expires>2008-06-23T13:22:13.841Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="UsernameToken-31571602"> <wsse:Username>alice</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW</wsse:Password> </wsse:UsernameToken> </wsse:Security> <wsa:To>http://localhost:8081/axis2/services/sample01</wsa:To> <wsa:MessageID>urn:uuid:AEDBA74A8D1FC94B631214227032877</wsa:MessageID> <wsa:Action>urn:echo</wsa:Action> </soapenv:Header> <soapenv:Body> <ns1:echo xmlns:ns1="http://sample01.policy.samples.rampart.apache.org";> <param0>Hello world</param0> </ns1:echo> </soapenv:Body> </soapenv:Envelope> public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { //When the server side need to authenticate the user WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i]; if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { if(pwcb.getIdentifier().equals("bob") && pwcb.getPassword().equals("bobPW")) { http://wso2.org/library/3733 HTH., Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: brianreinh...@lampreynetworks.com > To: java-dev@axis.apache.org > Subject: Rampart STS Username service not returning password in callback > Date: Tue, 15 Jan 2013 15:00:53 -0500 > > Has anyone else had this problem? I have a simple STS Username token request > for a SAML token where the username token is as follows: > > <wsse:UsernameToken wsu:Id="UsernameToken-ID"> > <wsse:Username>myName</wsse:Username> > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token > -profile-1.0#PasswordText">myPassword</wsse:Password> > </wsse:UsernameToken> > > > On the receive side there is a callback to verify the username token > > public void handle(Callback[] callbacks) throws IOException, > UnsupportedCallbackException > { > for(Callback callback: callbacks) > { > WSPasswordCallback cb = (WSPasswordCallback)callback; > int callbackType = cb.getUsage(); > switch(callbackType) > { > case WSPasswordCallback.USERNAME_TOKEN: > try > { > if(cb.getType().equals(WSConstants.PASSWORD_TEXT)) > { > String myPassword = cb.getPassword(); > ... > > The returned 'myPassword' is null. Any ideas why? > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org > For additional commands, e-mail: java-dev-h...@axis.apache.org >
