[
https://issues.apache.org/jira/browse/RAMPART-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13583040#comment-13583040
]
Brian Reinhold commented on RAMPART-205:
----------------------------------------
I altered the code in WWS4J 1.6.6 so that getPassword() in the callback would
be the password sent by the user. The down side is that to remain consistent
with their model you have to change that password to something different if it
is wrong. The reason I did that is because their model requires that the server
always know the ACTUAL password. If you are storing digests (for security's
sake) then the server will not know the actual password. So the end result my
check is to validate the received password (clear or digested) and if okay, I
do nothing. If invalid, I call the setPassword() method to change it to
something else; actually I always call setPassword() but for passing I call
setPassword(getPassword()).
> Setting WSSConfig properties from RampartConfig
> -----------------------------------------------
>
> Key: RAMPART-205
> URL: https://issues.apache.org/jira/browse/RAMPART-205
> Project: Rampart
> Issue Type: Improvement
> Reporter: Frode Laukus
> Priority: Minor
>
> I believe it's not currently possible to set properties on WSS4J WSSConfig
> using the RampartConfig. I think it would be a nice improvement to be able to.
> One example is WSSConfig.HANDLE_CUSTOM_PASSWORD_TYPES which I recently found
> I would have liked being able to set to true, being default false.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
