You don't need the PWCB in the client. As of Axis2 1.3 you can simply call:
stub._getServiceClient().getOptions().setUsername()/setPassword()
Paul
On Wed, May 7, 2008 at 4:39 PM, Stefan Lischke <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Can someone please enlighten me why the PasswordCallBackHandler must also be
> available at the
> clientside?
>
> Why can this handler be used to get the password with the hack:
>
> pwcb.setPassword("bobPW");
>
> Isn't there any other possibility to set the password that will be submitted
> by the client?
>
> In my opinion it is a security matter to deliver the PasswordCallBackHandler
> class to the customers
> that use a client library. They can disassemble the class and see the logic
> how the password is
> checked at serverside.
>
> Another Problem, i have to make the jars available at clientside that are
> needed at serverside in
> the PasswordCallBackHandler.
>
> Did i missed something to understand this?
>
> Please enlighten me
>
> thx in advance
>
> Stefan
>
--
Paul Fremantle
Co-Founder and CTO, WSO2
Apache Synapse PMC Chair
OASIS WS-RX TC Co-chair
blog: http://pzf.fremantle.org
[EMAIL PROTECTED]
"Oxygenating the Web Service Platform", www.wso2.com
