Thanks for all your help. I have made progress on this. I am using CXF
2.4.2 and WSS4J 1.6.2. The framework now takes care of checking the
password for you. So the correct inside section is
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)
callbacks[i];
sString login = pc.getIdentifier();
String password = getPassword(login);
pc.getPassword(login);
//...
}
Instead of retrieving the password from the soap header to compare against
the expected value, you lookup the expected value and pass it to the
framework to do the comparison.
--
View this message in context:
http://cxf.547215.n5.nabble.com/UsernameTokenHandler-required-or-Help-with-WSS4J-CallbackHandler-tp4831197p4833929.html
Sent from the cxf-user mailing list archive at Nabble.com.
