BTW, I will update our online example to use a IOException for a bad cleartext password, as that appears to be the less incorrect of our two exception choices. It seems strange, though, that WSS4J treats digest and cleartext passwords differently, relying on the CallbackHandler to do the validation for the latter: http://tinyurl.com/cuqblz. CallbackHandlers do not appear meant to do validation, or else they would have a BadPasswordSuppliedException or similar exception-throwing capability.
Glen Glen Mazza wrote: > > Technically, I guess you're limited to not just any exception but > specifically a IOException or a UnsupportedCallbackException subclass, as > those are the only two types of exceptions declared throwable by the > handle() method: > http://java.sun.com/javase/6/docs/api/javax/security/auth/callback/CallbackHandler.html -- View this message in context: http://www.nabble.com/Package-for-SecurityException--tp22669188p22679478.html Sent from the cxf-user mailing list archive at Nabble.com.
