> Date: Fri, 12 Dec 2014 12:45:51 +0100
> From: j.s...@fz-juelich.de
> To: java-user@axis.apache.org
> Subject: axis2 rampart
>
> hi,
MG>Good day
>
> i tried to authenticate soap service users against a microsoft active
> directory.
> is it possible within the CallbackHandler to get the password provided
> by the user within the soap message?
>
> i read something about getUsage==USERNAME_TOKEN_UNKNOWN but i do not know
> the settings in rampart to get axis to call the callback in this way. (in
> this case the password should be provided by WSPasswordCallback.getPassword)
>
> i also tried to get a MessageContext within the callback routine. but
> this is not possible. the result of getCurrentMessageContext is null.
MG>import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class TestCBHandler implements CallbackHandler {

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (callback instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callback;
                /*
                 * This usage type is used only in case we received a
                 * username token with a password of type PasswordText or
                 * an unknown password type.
                 *
                 * In this case the WSPasswordCallback object contains the
                 * identifier (aka username), the password we received, and
                 * the password type string to identify the type.
                 *
                 * Here we perform only a very simple check.
                 */
                if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                    // both the username and the password must match
                    // (defaults are "Username" / "Password")
                    if ("Username".equals(pc.getIdentifier())
                            && "Password".equals(pc.getPassword())) {
                        return;
                    }
                    throw new UnsupportedCallbackException(callback, "check failed");
                }
            } else {
                // any other callback type is not handled here
                throw new UnsupportedCallbackException(callback, "unsupported callback");
            }
        }
    }
}
MG>then in your rampartConfig
<wsp:Policy wsu:Id="5"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:user>UnencryptedUsername</ramp:user>
    <ramp:encryptionUser>Username</ramp:encryptionUser>
    <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
    <ramp:signatureCrypto>
      <!-- merlin only supports keys < 1024b...if you want stronger go with
           bouncycastle -->
      <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
        <!-- make sure the jks exists and the password for this jks matches the
             password below -->
        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
        <!-- here is the password which must match the password from the above .jks -->
        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">Password</ramp:property>
      </ramp:crypto>
    </ramp:signatureCrypto>
  </ramp:RampartConfig>
</wsp:Policy>
>
> thanks in advance
>
>
> regards juergen
>
MG>kind regards
MG>Martin
>
>
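Martin's handler only compares the token against fixed strings. The handler below is an added example, not code from this thread or from the Rampart project: it takes the plaintext password that WSS4J hands over in the USERNAME_TOKEN_UNKNOWN case (the same WSS4J 1.5-style API the reply uses) and checks the username/password pair with an LDAP simple bind, which is how Active Directory verifies a password without the service ever reading a stored secret. The PasswordVerifier interface, the LdapBindVerifier class, the DirectoryCallbackHandler class and the ldaps URL and domain values are assumptions of this example.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/** Hypothetical interface: answers "is this username/password pair valid?". */
interface PasswordVerifier {
    boolean verify(String username, String password);
}

/**
 * Hypothetical verifier: performs an LDAP simple bind as the user.
 * The directory URL and NetBIOS domain are placeholders, not values from the thread.
 */
class LdapBindVerifier implements PasswordVerifier {
    private final String ldapUrl;
    private final String domain;

    LdapBindVerifier(String ldapUrl, String domain) {
        this.ldapUrl = ldapUrl;
        this.domain = domain;
    }

    public boolean verify(String username, String password) {
        // A bind with an empty password is an *unauthenticated* bind (RFC 4513, 5.1.2):
        // the directory reports success without checking anything, so reject it here.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Do not let the caller smuggle a different principal into the bind name.
        if (username.indexOf('\\') >= 0 || username.indexOf('@') >= 0) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);            // ldaps://: a simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, domain + "\\" + username); // DOMAIN\user form accepted by AD
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);              // the bind happens here; failure throws
            return true;
        } catch (NamingException e) {
            return false;                                  // wrong password, unknown user, or directory unreachable: fail closed
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}

/** Rampart password callback that authenticates PasswordText username tokens against the directory. */
public class DirectoryCallbackHandler implements CallbackHandler {
    private final PasswordVerifier verifier;

    /** Rampart creates the passwordCallbackClass reflectively, so a no-arg constructor is needed. */
    public DirectoryCallbackHandler() {
        this(new LdapBindVerifier("ldaps://ad.example.invalid:636", "EXAMPLE")); // placeholder values
    }

    DirectoryCallbackHandler(PasswordVerifier verifier) {
        this.verifier = verifier;
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "unsupported callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            int usage = pc.getUsage();
            if (usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                // PasswordText (or unknown type): getPassword() is the password taken from the SOAP message.
                if (!verifier.verify(pc.getIdentifier(), pc.getPassword())) {
                    throw new UnsupportedCallbackException(callback, "authentication failed");
                }
            } else if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                // PasswordDigest: the message carries only nonce/created/digest, so no bind is possible;
                // WSS4J would expect setPassword(storedCleartext) and compare the digests itself.
                throw new UnsupportedCallbackException(callback,
                        "digest tokens cannot be checked by a directory bind");
            } else {
                throw new UnsupportedCallbackException(callback, "unexpected usage " + usage);
            }
        }
    }
}
```

To use it, point ramp:passwordCallbackClass at DirectoryCallbackHandler and keep the UsernameToken assertion in the policy as plaintext, because a digest token never reaches the USERNAME_TOKEN_UNKNOWN branch; the transport then has to be TLS, since the password travels in the clear inside the SOAP header. Throwing UnsupportedCallbackException from the handler is what makes WSS4J reject the request, so every path that does not positively verify the pair throws.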