Dears, I want to limit the access to an axis2 web service to allow only calls that use UsernameToken with a Digest Password.
Following rampart sample01 I am able to enable rampart module and call the webservice by providing "bobPW" as the password, in digested form. I call the service from SOAPUI.

Problems I see so far that prevent me from considering this as a production solution:

1. PWCBHandler needs to use clear text passwords.
2. The call is successful even if the password is not digested, but in clear text.

I looked around trying to understand the usage of javax.security.auth.callback.CallbackHandler but without much success so far.

Is there any way to delegate the authentication of the user to the application server (Weblogic)? Any suggestion about enforcing the password to be in digest form?

Thank you,
Liviu
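For reference, the digest check a UsernameToken receiver performs under the WS-Security UsernameToken Profile 1.0, as an added example that is not part of the original post and is not Rampart or WSS4J code. The receiver recomputes Base64(SHA-1(nonce + created + password)), which is why it needs the clear-text password, and it can refuse any token whose Password Type is not PasswordDigest. The function names, the in-memory password table and the sample tokens are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
DIGEST_TYPE = PROFILE + "#PasswordDigest"
TEXT_TYPE = PROFILE + "#PasswordText"

def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)); the nonce is base64-decoded first."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def verify_username_token(token_xml, stored_passwords):
    """Return the authenticated user name, or raise ValueError."""
    token = ET.fromstring(token_xml)
    user = token.findtext(f"{{{WSSE}}}Username")
    pw = token.find(f"{{{WSSE}}}Password")
    nonce = token.findtext(f"{{{WSSE}}}Nonce")
    created = token.findtext(f"{{{WSU}}}Created")
    # A missing Type attribute means PasswordText, so it is rejected here too.
    if pw is None or pw.get("Type") != DIGEST_TYPE:
        raise ValueError("only PasswordDigest tokens are accepted")
    if not (user and nonce and created):
        raise ValueError("digest token needs Username, Nonce and Created")
    secret = stored_passwords.get(user)  # clear text is required to recompute the digest
    if secret is None:
        raise ValueError("authentication failed")
    expected = password_digest(nonce, created, secret).encode()
    if not hmac.compare_digest(expected, (pw.text or "").strip().encode()):
        raise ValueError("authentication failed")
    return user

def build_token(user, pw_value, pw_type, nonce_b64, created):
    """Constructed sample token, shaped like the header a SOAP client sends."""
    return (f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f'<wsse:Username>{user}</wsse:Username>'
            f'<wsse:Password Type="{pw_type}">{pw_value}</wsse:Password>'
            f'<wsse:Nonce>{nonce_b64}</wsse:Nonce>'
            f'<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>')

if __name__ == "__main__":
    users = {"bob": "bobPW"}  # constructed password table
    nonce = base64.b64encode(b"constructed-nonce").decode()
    created = "2024-01-01T00:00:00Z"
    good = build_token("bob", password_digest(nonce, created, "bobPW"), DIGEST_TYPE, nonce, created)
    print(verify_username_token(good, users))
```

A production receiver would additionally check that Created is recent and cache nonces to reject replayed tokens.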
