You could either remove the WSS4JInInterceptor from the interceptor chain and parse the header yourself to get the username/password, or else you could use WSS4JInInterceptor and set the "ws-security.validate.token" JAX-WS property to "false". This will cause WSS4J to parse the token but not to validate the username/password. The username/password should then be available via a SecurityToken Object on the message, as in the code listing Freeman gave.
Colm. On Thu, May 8, 2014 at 9:48 AM, Monga, Sunita (GE Healthcare) < [email protected]> wrote: > Hello, > > We have a requirement to extract username and password from WSS headers > and pass it downstream for custom authentication. How to retrieve the > values without using WSSJ authentication. > > Thanks > > Sunita > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
