Definitely a strange use case. Normally if the user cannot be validated, a fault would have been raised so if a fault isn’t raised, then we know the user was validated and no need for a strange header.
That said, an Interceptor on the “out" chain could look at the incoming message and add an additional header if necessary. Another note: > <ns1:Security>true</ns1:Security> would be completely invalid if ns1 is the wss-wssecurity-secext-1.0.xsd namespace. Would have to have element content. Dan > On Jan 28, 2015, at 7:04 AM, sdm <[email protected]> wrote: > > I need to develop webservice using cxf and WS-security which i have done > (standard recommendation)and looks like > > public class ServerPasswordCallback implements CallbackHandler { > public void handle(Callback[] callbacks) throws IOException, > UnsupportedCallbackException { > WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; > > if ("someusername".equals(pc.getIdentifier())) { > System.out.println("pc.getPassword() " + pc.getPassword()); > pc.setPassword("somepassword"); > } > > } > } > The issue is that the user validation result needs to be in the header. > > > <SOAP-ENV:Envelope > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401- > wss-wssecurity-secext-1.0.xsd" > > <SOAP-ENV:Header> > <ns1:Security>true</ns1:Security> > </SOAP-ENV:Header>...........</SOAP-ENV:Envelope> > > If i am not wrong that I need to validate the usertoken in some custom > interceptor or modify the ServerPasswordCallback.How should i go about it > and what could be the advantages? Apologies if anyone has already answered > this.You can also direct me to the link.Thanks in advance. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Header-Validation-with-Ws-Security-tp5753662.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
