If you are extending the WSS4J interceptor, it really shouldn't be too hard.
The easiest method would probably be to override the WSHandler.doSenderAction
to do something like:

    boolean mu = decodeMustUnderstand(reqData);
    Object mc = reqData.getMsgContext();
    String actor = getString(WSHandlerConstants.ACTOR, mc);
    reqData.setActor(actor);
    WSSecHeader secHeader = new WSSecHeader(actor, mu);
    Element el = secHeader.insertSecurityHeader(doc);
    // do your stuff here.
    super.doSenderAction(....)

That will give you the DOM Element for the header that would be created so you
can append things. By doing it before the super.doSenderAction is called,
it SHOULD then be eligible to be signed and stuff.
Dan
On Wed June 3 2009 12:02:33 pm Dylan McReynolds wrote:
> I have a partner who has implemented an STS in .NET. They require a
> custom-generated UsernameToken tag within the wsse:Security header. The
> tag has a unique namespace and its contents are unique.
>
> If I add WSHandlerConstants.USERNAME_TOKEN to the
> WSHandlerConstants.ACTION property, it produces a wsse:UsernameToken.
> However, they want this custom tag to be a child of the wsse:Security tag:
>
> Map<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION,
>     WSHandlerConstants.SAML_TOKEN_UNSIGNED + " " +
>     WSHandlerConstants.USERNAME_TOKEN);
>
> outProps.put(WSHandlerConstants.SAML_PROP_FILE, "saml.properties");
> outProps.put(WSHandlerConstants.USER, "foo_username");
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> outProps.put(WSHandlerConstants.MUST_UNDERSTAND, "true");
> outProps.put(WSHandlerConstants.PW_CALLBACK_REF,
>     new PasswordHandler("bar_password"));
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> //request
> bus.getOutInterceptors().add(wssOut);
>
>
> I've tried extending WSS4JOutInterceptor, building my token in the
> handleMessage method and adding it to the headers using:
> Header header = new Header(qname, elem);
> msg.getHeaders().add(header);
>
> But this ends up as its own header.
>
> Is there some way that I can add to the wsse:Security tag, or modify the
> wsse:UsernameToken tag?
>
> Thanks,
> Dylan McReynolds
--
Daniel Kulp
http://www.dankulp.com/blog
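
The DOM step discussed in this thread, as an added example that is not code from either poster or from CXF/WSS4J: it uses only the JDK DOM API to find or create the wsse:Security element and append a custom-namespace token as its child, which is the same append you would apply to the Element returned by insertSecurityHeader. The partner namespace urn:example:partner-sts and the p:UsernameToken / p:Username element names are hypothetical placeholders.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class CustomTokenInSecurityHeader {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Hypothetical partner namespace (assumption, not from the thread).
    static final String PARTNER_NS = "urn:example:partner-sts";

    // Returns the existing wsse:Security element, or creates it under soap:Header.
    static Element findOrCreateSecurity(Document doc) {
        NodeList found = doc.getElementsByTagNameNS(WSSE_NS, "Security");
        if (found.getLength() > 0) return (Element) found.item(0);
        Element envelope = doc.getDocumentElement();
        NodeList headers = envelope.getElementsByTagNameNS(SOAP_NS, "Header");
        Element header = headers.getLength() > 0 ? (Element) headers.item(0) : null;
        if (header == null) {
            header = doc.createElementNS(SOAP_NS, "soap:Header");
            envelope.insertBefore(header, envelope.getFirstChild());
        }
        Element sec = doc.createElementNS(WSSE_NS, "wsse:Security");
        header.appendChild(sec);
        return sec;
    }

    // Appends the custom token inside wsse:Security instead of as a sibling SOAP header.
    static Element appendCustomToken(Document doc, String user) {
        Element token = doc.createElementNS(PARTNER_NS, "p:UsernameToken");
        Element name = doc.createElementNS(PARTNER_NS, "p:Username");
        name.setTextContent(user);
        token.appendChild(name);
        findOrCreateSecurity(doc).appendChild(token);
        return token;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the *NS lookups above
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element env = (Element) doc.appendChild(doc.createElementNS(SOAP_NS, "soap:Envelope"));
        env.appendChild(doc.createElementNS(SOAP_NS, "soap:Body"));
        appendCustomToken(doc, "foo_username"); // constructed sample value
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        System.out.println(out);
    }
}
```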