Hi,
Can someone please enlighten me why the PasswordCallBackHandler must also be
available at the
clientside?
Why can this handler be used to get the password with the hack:
pwcb.setPassword("bobPW");
Isn't there any other possibility to set the password that will be submitted by
the client?
In my opinion it is a security matter to deliver the PasswordCallBackHandler
class to the customers
that use a client library. They can disassemble the class and see the logic how
the password is
checked at serverside.
Another Problem, i have to make the jars available at clientside that are
needed at serverside in
the PasswordCallBackHandler.
Did i missed something to understand this?
Please enlighten me
thx in advance
Stefan
