I am trying to follow this document to implement UsernameToken security.
http://ws.apache.org/wss4j/axis.html
When I add following tag in my deploy.wsdd file, redeploy the service and test my client, I don't get any security exception. I should get security exception because my client doesn't send any username password to the service.
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="action" value="UsernameToken"/>
</handler>
</requestFlow>
I
checked
the server-config.wsdd file under axis deployment in tomcat and
<requestFlow> tag under that servuce is never written to that
file. Only service tag without <requestFlow> gets written to
server-config.wsdd file. Like this:
<service name="MyService" provider="java:RPC">
<parameter name="allowedMethods" value="*"/>
<parameter name="className" value="samples.userguide.example3.MyService"/>
</service>
I tried to put the <requestFlow> tag manually under <service> tag and restarted tomcat. I tried to access http://localhost:8080/axis/servlet/AxisServlet
(list of all services) and nothing comes up.
I have all axis jar and wss4j jar files under classpath and tomcat lib folder. I also have PWCallback class under axis/WEB-INF/classes folder.
How do i solve this?
Any help is appreciated.
Thanks.
<service name="MyService" provider="java:RPC">
<parameter name="allowedMethods" value="*"/>
<parameter name="className" value="samples.userguide.example3.MyService"/>
</service>
I tried to put the <requestFlow> tag manually under <service> tag and restarted tomcat. I tried to access http://localhost:8080/axis/servlet/AxisServlet
(list of all services) and nothing comes up.
I have all axis jar and wss4j jar files under classpath and tomcat lib folder. I also have PWCallback class under axis/WEB-INF/classes folder.
How do i solve this?
Any help is appreciated.
Thanks.
--
