[
https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17894714#comment-17894714
]
Robert Lazarski commented on RAMPART-374:
-----------------------------------------
Best I can tell, RampartUsernameTokenValidator was implemented in 2013 -
anyways, we now support the latest WSS4J 3.0.3.
I am going to mark this issue as fixed since the commit message seems to
address the issue:
commit 3c67f6eca25663a5fde88e6e13d8df77507230d7
Author: Ruchith Udayanga Fernando <[email protected]>
Date: Wed Jan 30 06:12:39 2013 +0000
Fixed the issue raised in this [1] discussion.
RampartUsernameTokenValidator overrides the verifyPlaintextPassword method
of org.apache.ws.security.validate.UsernameTokenValidator
The default implementation expects the callback handler to supply the plain
text password (when a username token with a plain text password is used), which
should not be possible in practice
> Not Able to use custom validator for USERNAME_TOKEN during server side
> validation
> ---------------------------------------------------------------------------------
>
> Key: RAMPART-374
> URL: https://issues.apache.org/jira/browse/RAMPART-374
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA,
> axis2-1.6.2 (exploded war), rampart-1.6.2
> Reporter: AravindPS
> Assignee: Robert Lazarski
> Priority: Major
> Labels: axis21.6, rampart1.6.2
>
> Hi,
> We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2
> 1.6.2/Rampart1.6.2. Here we have seen that the USERNAME_TOKEN_UNKNOWN has
> been deprecated and hence there is no backward compatibility. At this late
> stage we cannot implement the code to provide passwords at the server
> password callback class. So we have a problem.
> The server password callback class is asking for the password. We have
> designed the services such that for username token authentication we are
> sending the request to another directory store for authentication.
> Is there a way to process this without giving the password at server side.
> Can we configure custom validators to pass the authentication for
> USERNAME_TOKEN without validating the passwords?
> If yes can you tell us how to write/configure custom validators?
> Also, if there is any other solution do let us know.
> Thanks,
> Aravind
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
