Hi Freeman, thank you, it seems much better now with the cxfbc:consumer and JAAS authentication. The user will be authenticated.
*BUT how not to use the passwordCallbackHandler?* Which interceptors should be used now or how to better configure the WSS4JInInterceptor? When I use the WSS4JInInterceptor, I must still manually return valid password in the passwordCallbackHandler. And when I remove the WSS4JInInterceptor from the cxfbc:consumer, no authentication performs. I tried to use the *"ws-security.validate.token"* and *"ws-security.ut.no-callbacks"* parameters in cxfbc:consumer and in WSS4JInInterceptor too, but the *passwordCallbackHandler will be always called.* Is the user authenticated twice now? When I change the password in my passwordCallbackHandler, the authentication fails. And when I remove the jaas realm "servicemix-domain" from jaasRealm.xml, it fails too (no realm servicemix-domain found). Thanks, Radomir -- View this message in context: http://servicemix.396122.n5.nabble.com/JAAS-configuration-ClassNotFoundException-UsernameTokenProcessor-tp4794258p4801883.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
