Hi Nandana,
>Yes, In your scenario,
>1) Do you plan to use secure transport HTTPS ?
I'm planning to use HTTPS as the secure transport. We're not planning on
using keys just yet.
> I think the exception is quite correct if the password
>callback class is not in the client's classpath. You should
>put the client's password callback in the client's claspath.
>But you can even set the username and password using the
>service client's API in the client code.
You gave me a very good example on how to do implement this in an
earlier email. What you suggested was to dynamically set the username
and password using the client's options as shown below:
ServiceClient client = new ServiceClient(ctx, null);
Options options = client.getOptions();
options.setUserName("user");
options.setPassword("password");
Do I have to do anything regarding the "OutflowSecurity" parameter in
client.axis2.xml? Or does 'options.setUserName("user")' automatically
pass on the "user" value to "OutflowSecurity" as shown below? And what
do I specify within the <passwordCallbackClass> element? Do I leave this
empty since there's no callback handler on the client side? Thanks again
for your help.
<module ref="rampart" />
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken Timestamp</items>
<user>user</user>
<passwordCallbackClass>org.apache.rampart.samples.PWCBHandler</passwordC
allbackClass>
</action>
</parameter>
Regards
Sanjay
>-----Original Message-----
>From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>Sent: 15 January 2008 11:42
>To: rampart-dev@ws.apache.org
>Subject: Re: Keeping the Password Callback Handler classes separate.
>
>Hi Sanjay,
>
>So can I implement this model using the Policy based config model for
>> Rampart?
>
>
>Yes, In your scenario,
>1) Do you plan to use secure transport HTTPS ?
>2) Are you plan to use ( at least server's ) key for securing
>the service ?
>
>
>> I can't seem to get it working otherwise as I mentioned
>earlier as the
>> client can't find the PWHandlerClient class. Thanks again.
>
>
>I think you will be able to fix the no class found thing by
>having the password callback in the client's classpath. But I
>think, as Paul has said it is better to move to policy based
>configuration.
>
>Regards,
>Nandana
>
