OK, so here's my callback.  I was originally expecting that if I returned a
password from this callback that was different from the incoming password,
an exception would be thrown.  It sounds like an exception should be
thrown, but it's not.  I'll write a test case with WSS4J to see if that's
the case.  In the meantime, can you take a look at my callback handler?

I was originally planning on getting the user from a login service and then
throwing it on a ThreadLocal; however, I'm tempted to do the user lookup in a
handler that occurs after WSS4J using the WSUsernameTokenPrincipal that is
stored in the message context.

Brian


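import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordCallbackHandler
    implements CallbackHandler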
{
    
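    // Created once for the class; assigning it in the constructor would
    // replace the shared holder each time a handler is instantiated.
    private static final ThreadLocal _user = new ThreadLocal();
    private BusinessService myBusinessService;
    
    private String myUserid;

    private String myPassword;

    public PasswordCallbackHandler()
    {
    }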

    public void handle(Callback[] callbacks)
        throws IOException, UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++)
        {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            if (pc != null)
            {
                if (pc.getIdentifer().equals("CUPAREQ")){
                    pc.setPassword("WrongPassword");  //  I was 
                }
            }
        //TODO  Multiple callbacks might occur if the document has sections
        //      signed by multiple actors???

        // Authenticate the user against a login service

        // Temporarily commented out to show Tomek the issue with wrong password
        // User user = myBusinessService.authenticate(pc.getIdentifer(), pc.getPassword());
        // _user.set(user);

        }
    }


    /**
     * @param businessService The businessService to set.
     */
    public void setBusinessService(BusinessService businessService)
    {
        myBusinessService = businessService;
    }

    /**
     * @return Returns the myUser.
     */
    public static User getUser()
    {
        return (User)_user.get();
    }
}
--
View this message in context: 
http://www.nabble.com/WS-Security-and-UserTokens-t1543793.html#a4248135
Sent from the XFire - User forum at Nabble.com.
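
An added example, not part of the original post and not WSS4J's own code: for a UsernameToken that carries a PasswordDigest, the receiver can only check the password by recomputing the digest from the value its callback supplies, so a callback that returns a different password must fail the comparison. The class and method names and the sample values are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class UsernameTokenDigestCheck {

    // Password_Digest = Base64(SHA-1(nonce + created + password)), as defined
    // by the OASIS UsernameToken Profile; nonce is the decoded nonce bytes.
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Receiver side: recompute the digest from the password the callback
    // supplied and compare it with the received one in constant time.
    static void verify(String receivedDigest, byte[] nonce, String created,
                       String callbackPassword) throws Exception {
        String expected = digest(nonce, created, callbackPassword);
        boolean ok = MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.US_ASCII),
            receivedDigest.getBytes(StandardCharsets.US_ASCII));
        if (!ok) {
            throw new SecurityException("UsernameToken digest mismatch");
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String created = "2006-05-04T12:00:00Z";              // constructed timestamp
        String sent = digest(nonce, created, "ClientSecret"); // constructed client password

        verify(sent, nonce, created, "ClientSecret");
        System.out.println("matching password: accepted");
        try {
            verify(sent, nonce, created, "WrongPassword");
            System.out.println("wrong password: accepted (unexpected)");
        } catch (SecurityException e) {
            System.out.println("wrong password: rejected (" + e.getMessage() + ")");
        }
    }
}
```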
