Why does the user validation result need to be in the header? This is not standard behaviour.
Colm. On Wed, Jan 28, 2015 at 12:04 PM, sdm <[email protected]> wrote: > I need to develop webservice using cxf and WS-security which i have done > (standard recommendation)and looks like > > public class ServerPasswordCallback implements CallbackHandler { > public void handle(Callback[] callbacks) throws IOException, > UnsupportedCallbackException { > WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; > > if ("someusername".equals(pc.getIdentifier())) { > System.out.println("pc.getPassword() " + pc.getPassword()); > pc.setPassword("somepassword"); > } > > } > } > The issue is that the user validation result needs to be in the header. > > > <SOAP-ENV:Envelope > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401- > wss-wssecurity-secext-1.0.xsd" > > <SOAP-ENV:Header> > <ns1:Security>true</ns1:Security> > </SOAP-ENV:Header>...........</SOAP-ENV:Envelope> > > If i am not wrong that I need to validate the usertoken in some custom > interceptor or modify the ServerPasswordCallback.How should i go about it > and what could be the advantages? Apologies if anyone has already answered > this.You can also direct me to the link.Thanks in advance. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Header-Validation-with-Ws-Security-tp5753662.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
