The UsernameTokenValidator expects that the callbackhandler sets the password in the WSPasswordCallback. The password is then compared by the UsernameTokenValidator itself.
Maybe the following WSS4J validator is of interest for you because it supports JAAS to validate username/password. Either you write your own login module or use for example the standard LdapLoginModule shipped as part of the JDK. http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/JAASUsernameTokenValidator.java?view=log This will be part of CXF 2.4.3 which should be released soon. Thanks Oli ________________________________________ Von: pj23 [[email protected]] Gesendet: Donnerstag, 22. September 2011 21:05 Bis: [email protected] Betreff: UsernameTokenHandler required? or Help with WSS4J CallbackHandler Hi, I was doing pretty well with setting up a contract first set of web services using CXF until I started adding in the WSS4J piece. I'm trying to debug sending a password and login in the soap header to a cxf service. I am getting null when I call getPassword() in the WSPasswordCallback class. I can see from the soap envelope that a password was sent. This post, http://old.nabble.com/PasswordDigest-and-PasswordText-difference-td24475866.html, from 2009, made me wonder if I am missing (need to create) a UsernameTokenHandler. And if that is true, can someone point me to how I would configure it in the spring/cxf bean xml file? Any advice or suggestions would be appreciated. http://cxf.547215.n5.nabble.com/file/n4831197/incoming_soap_msg.xml incoming_soap_msg.xml http://cxf.547215.n5.nabble.com/file/n4831197/beans.xml beans.xml (just in case my configuration is incomplete) http://cxf.547215.n5.nabble.com/file/n4831197/ServicePWCallback.java ServicePWCallback.java (shows the call) -- View this message in context: http://cxf.547215.n5.nabble.com/UsernameTokenHandler-required-or-Help-with-WSS4J-CallbackHandler-tp4831197p4831197.html Sent from the cxf-user mailing list archive at Nabble.com.
