hi joerg, thanks for your reply.
but this does not work for me, because pwcb.getPassword() always returns null when usage is WSPasswordCallback.USERNAME_TOKEN. In this case you have to set the password with pwcb.setPassword(pw) and rampart compares this password with the transmitted password (but this does not work because the active directory transfers no passwords)
i thought there is an option in rampart to provide the transmitted password within the callbackhandler
regards
juergen

On 12/12/14 15:04, wp11034684-001 wrote:
Hi,

it is quite simple to fetch the username/password from the WS-Security UserNameToken:

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordCBHandler implements CallbackHandler {
        @Override
        public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
            for( Callback cb : callbacks ) {
                WSPasswordCallback pwcb = (WSPasswordCallback)cb;
                if( (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN)
                    || (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) ) {
                    String userid = pwcb.getIdentifier();
                    String pwd = pwcb.getPassword();
                    boolean isvalid = false;
                    // Do the authentication stuff here, leads to isvalid=true/false
                    // logInfo/logWarn are logging helpers that are not shown in this mail
                    if( isvalid ) {
                        logInfo( "PasswordCBHandler.handle(): "+userid+" ok." );
                        return;
                    } else {
                        logWarn( "PasswordCBHandler.handle(): "+userid+" failed." );
                        throw new UnsupportedCallbackException(cb, "check failed");
                    }
                }
            }
        }
    }

And in services.xml of the webservices:

    <service name="SomeService" scope="application" class="xx.yy.SomeService" >
        <parameter name="useOriginalwsdl">true</parameter>
        <parameter name="modifyUserWSDLPortAddress">true</parameter>
        <!-- some other configurations -->
        <!-- Authentication via WS-Security (Username-Token) -->
        <module ref="rampart" />
        <parameter name="InflowSecurity">
            <action>
                <items>UsernameToken</items>
                <passwordCallbackClass>xx.yy.PasswordCBHandler</passwordCallbackClass>
            </action>
        </parameter>
    </service>

That should work, if rampart is activated in axis.xml.

Cheers
Jörg

juergen sorg <j.s...@fz-juelich.de> wrote on 12 December 2014 at 12:45:

hi,
i tried to authenticate soap service users against a microsoft active directory. is it possible within the CallbackHandler to get the password provided by the user within the soap message? i read something about getUsage==USERNAME_TOKEN_UNKNOWN but i do not know the settings in rampart to get axis call the callback in this way. (in this case the password should be provided by WSPasswordCallback.getPassword)
i also tried to get a MessageContext within the callback routine. but this is not possible. the result of getCurrentMessageContext is null.

thanks in advance
regards
juergen
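Added example, not part of the original messages and not Rampart's or the posters' code: a callback handler that checks the transmitted password by attempting an LDAP simple bind against the directory, and fails closed in every other case. It assumes the handler is actually invoked with USERNAME_TOKEN_UNKNOWN so that getPassword() carries the transmitted password, which the thread leaves open; the class name AdBindCBHandler, the LDAP URL and the UPN suffix are hypothetical placeholders.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class AdBindCBHandler implements CallbackHandler {
    // Hypothetical placeholders: use your own directory host (LDAPS) and UPN suffix.
    private static final String LDAP_URL = "ldaps://dc.example.test:636";
    private static final String UPN_SUFFIX = "@example.test";

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // Assumption from the thread: only this usage hands over the transmitted
            // password. For USERNAME_TOKEN the handler would have to supply one itself.
            if (pwcb.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                throw new UnsupportedCallbackException(cb, "usage not supported");
            }
            String user = pwcb.getIdentifier();
            String pwd = pwcb.getPassword();
            // A simple bind with an empty password is an anonymous bind and may succeed,
            // so reject it here; also keep the user name to a conservative character set.
            if (user == null || !user.matches("[A-Za-z0-9._-]{1,64}")
                    || pwd == null || pwd.isEmpty()) {
                throw new UnsupportedCallbackException(cb, "check failed");
            }
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, LDAP_URL);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, user + UPN_SUFFIX);
            env.put(Context.SECURITY_CREDENTIALS, pwd);
            try {
                new InitialDirContext(env).close(); // bind succeeded: credentials accepted
            } catch (AuthenticationException e) {
                throw new UnsupportedCallbackException(cb, "check failed");
            } catch (NamingException e) {
                throw new IOException("directory unavailable", e); // never treat as success
            }
        }
    }
}
```

Because the password has to reach the service in clear text for a bind to be possible, this only makes sense when the SOAP transport itself is encrypted.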