See here for some information on validating a UsernameToken when you don't have the password in the CallbackHandler:
http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html Colm. On Thu, Feb 16, 2012 at 9:55 AM, Nagamohan <[email protected]> wrote: > Hi, > > We are trying to use WS-Security with UserNameToken with cxf 2.4.2. We have > a custom CallbackHandler where it doesn't have a mechanism to set the > original password to be compared with the one got from SOAP request, but for > the given username and password we know how to authenticate. > > How can we get away this problem, is there any way to write custom > validators for WS-Security UsernameToken validation? > > Thanks, > -Nagamohan > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Apache-cxf-2-4-2-Custom-UserNameToken-validator-tp5489035p5489035.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
