I need to develop webservice using cxf and WS-security which i have done
(standard recommendation)and looks like
public class ServerPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if ("someusername".equals(pc.getIdentifier())) {
System.out.println("pc.getPassword() " + pc.getPassword());
pc.setPassword("somepassword");
}
}
}
The issue is that the user validation result needs to be in the header.
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-secext-1.0.xsd" >
<SOAP-ENV:Header>
<ns1:Security>true</ns1:Security>
</SOAP-ENV:Header>...........</SOAP-ENV:Envelope>
If i am not wrong that I need to validate the usertoken in some custom
interceptor or modify the ServerPasswordCallback.How should i go about it
and what could be the advantages? Apologies if anyone has already answered
this.You can also direct me to the link.Thanks in advance.
--
View this message in context:
http://cxf.547215.n5.nabble.com/Header-Validation-with-Ws-Security-tp5753662.html
Sent from the cxf-user mailing list archive at Nabble.com.
