how o use stored password in a database which rampart should verify

Mon, 06 May 2013 07:52:48 -0700 

   Hello I 've made a an axis  2 web service which stores the user hashed 
password in a database.
So it's obvious that I shold add some kind of security to my web service so i 
use rampart! 


But it's written that in a real application, you'd naturally 
want to use some other mechanism  (such as a database or an external 
security mechanism) to verify the username and password combination. 
so it  seems that I can't understand how to make the implementtion - so I will 
hash  password with salt salt  and to store it in a database and then I don't 
know what to do next. 
could you recommend the steps

So you will see that in my request from javascript the password is also seen so 
it seens that this should also be changes! 

Thank you in advance!


and here is my password callabck class
p
ublic 
classPWCBHandlerimplementsCallbackHandler{publicvoidhandle(Callback[]callbacks)throwsIOException,UnsupportedCallbackException{for(inti
 =0;i <callbacks.length;i++//When the server side need to authenticate the 
userWSPasswordCallbackpwcb 
=(WSPasswordCallback)callbacks[i];if(pwcb.getIdentifier().equals("bob")){pwcb.setPassword("bobPW");}}//When
 the client requests for the password to be added in to the //UT element}

and here is the request from javascrip


------------------------------------------------------------

 
 
var sr =
"<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
"<soapenv:Envelope " + 

"xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"; " +
"xmlns:nlo=\"http://nlo\";>"+
"<soapenv:Header>"+
'<wsse:Security 
xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\";
 soapenv:mustUnderstand="1">'+
'<wsse:UsernameToken 
xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="123">'+
'<wsse:Username>bob</wsse:Username>'+
'<wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW</wsse:Password>'+
'</wsse:UsernameToken>'+
'</wsse:Security>'+
"</soapenv:Header>"+
"<soapenv:Body>" +
"<nlo:InsertIntoDB>" +
'<nlo:data>'+xml+'</nlo:data>' +
' </nlo:InsertIntoDB>'+

'</soapenv:Body>' +
'</soapenv:Envelope>';





xmlhttp.onreadystatechange = function () 
{
if (xmlhttp.readyState == 4) 
{
if (xmlhttp.status == 200) 
{

alert(xmlhttp.responseText);
}
}
}
// Send the POST request
xmlhttp.open('POST', 
'http://localhost:8080/axis2/services/hash_pass_security?wsdl', true);
xmlhttp.setRequestHeader('Content-Type', 'text/xml');
xmlhttp.send(sr);
// send request



} 


}

Reply via email to