Hello,
I am using CXF 2.6.1. I have a case where I need the username/password
passed in the security header for further processing in my service endpoint
and I am not sure how to accomplish this. I have this annotation on my
service:
@org.apache.cxf.interceptor.InInterceptors (interceptors =
{"com.base.WSSecurityInterceptor" })
In that interceptor.handleMessage() I have this code:
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler());
WSS4JInInterceptor wss4jInHandler = new WSS4JInInterceptor(inProps);
ValidateUserTokenInterceptor userTokenInterceptor = new
ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
message.getInterceptorChain().add(wss4jInHandler);
message.getInterceptorChain().add(new SAAJInInterceptor());
message.getInterceptorChain().add(userTokenInterceptor);
I do not want the PasswordHandler() to set a password and I do not want the
built-in UsernameTokenValidator to validate the password. I have read
Colm's blog
http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
Custom token validation in Apache CXF 2.4 but I don't understand where
these settings go and how to implement this. What I need is access to the
username and password passed in the message within my serviceimpl method.
I could use help to get through this learning curve.
Thank you.
--
View this message in context:
http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917.html
Sent from the cxf-user mailing list archive at Nabble.com.
