You shouldn't need to specify the CallbackHandler on the receiving (signature verification) side, as the private key is not required.
Colm. On Wed, May 1, 2013 at 2:19 PM, minajagi <[email protected]>wrote: > Thanks v much for the reply.I finally got it to work yesterday evening but > didn't have the time to update this post. > I was sending in the Owner/Issuer name on my certificate as the username > and > it wasn't working and when I didn't send any I used to get the Empty > username error.Largely by trial and error and towards the end when your > earlier reply was kind of staring me in the face I realised that I have to > send the alias on my keystore as the username it worked. > > Thanks a lot for all the help and guidance. > > I still have a question about what is the right kind of implementation in > the PasswordCallback Handler. > In both client and server callbacks I am setting the password to that on > the > keystore. > Why is it required at all since the authentication is happenning with > private/public key pair on the client/server here? > Since its not a implementation detail even if you could point me to a bit > of > relevant documentation,it would help. > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/cxf-keystore-security-problem-org-apache-cxf-binding-soap-SoapFault-Empty-username-for-specified-act-tp5726920p5727001.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
