Hi

I think you are on the right path; you don't really want to request a user to enter the name & password into the application this user has just installed on the phone.

So get the user to obtain a token, a 'binary' token in WS-Security terms, and enter this token into the device; and yes, an OAuth2 Bearer token can be a good candidate.

Sergey

On 20/01/14 13:05, Marcello Ribeiro wrote:
Is there any way to send username/password from client to server just
once, using WSS4iNTERCEPTOR? Only during the first login?
I think about keeping a token and using it all next times instead of
storing username/password to be sent every login.

In case of a mobile app running in Android as a CXF WS client, would it be
a good practice to store username/password to be used in the other logins?
I don't think so, but at the same time I am looking for solutions to avoid
the password being "hacked" directly in the device.

Att,
Marcello Ribeiro

