Hi Jan, I'm not sure if this will be any help, but you could take a look at the ReceivedTokenCallbackHandler here:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java?view=markup This is used to insert a previously received token in an "OnBehalfOf" element when requesting a security token from an STS. Colm. On Mon, Nov 28, 2011 at 3:08 PM, janb <[email protected]> wrote: > Hi everyone, > > this is my scenario I use the CXF STS for authentication. I developed my own > UsernamePasswordValidator to validate a SessionID provided as a password. > This works great. Now my next step would be to convince my cxf client (more > precisely my STS Client) to get and use a SessionID available from a HTTP > Cookie within my Webapplication. > > My first idea was to write my own CallbackHander which inserts the Cookie > value as a password. But I do not know how to get access to my HTTP Request > within my CallbackHandler... > > How can I get this to work, or is there a better way I should consider? > > Kind regards > Jan > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Can-I-use-a-SessionID-from-a-Cookie-for-authentication-tp5029119p5029119.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
