Sorry guys,
I figured both questions out myself. The first one was my wrong
thinking, and the second one was just a metter of editing the right
client wsdd file :-).
Regards,
Stefan
Stefan Schmidt wrote:
Werner, dims
Thanks for your help. I got most of it running now. Anyway, I have got
two more questions:
I am using an Axis client with the following setup:
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="wss4j"/>
<parameter name="passwordCallbackClass"
value="com.ibm.dw.bookshop.j2seclient.handlers.PWCallbackHandler"/>
<parameter name="passwordType" value="PasswordText"/>
<parameter name="mustUnderstand" value="true"/>
</handler>
</requestFlow >
Question 1: Why does the WSDoAllSender ignore the passwordType and
sends it as PasswordDigest instead?
Then I am trying to access the username/password in my server side
callbackHandler:
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
System.out.println("Username: "+pc.getIdentifer()
+"\nPassword:
"+pc.getPassword()+"\nPasswordType: "+pc.getPasswordType());
Question 2: I am able to see the username at the server side but not
the Password and PasswordType - both are null - why is that?
Thanks.
Regards,
Stefan
Werner Dittmann wrote:
Stefan,
according to the action: pls have a look in the javadoc of
"WSHandlerConstants" ins the package "**/security/handler".
The password call is ndependetn of Ais, it is used to a hook
to get the password.
The dpeloyment tag (the deployment value) can be set the
same way as any other parameter. This is a specific
parameter of the JAXRPC handler because this handler contains
the receiver and the sender part. The "deployment" parameter
and the "flow" control how the handler works, if its a client
side handler etc.
Pls have a look into the interop/unit tests TestJAXRPC* about
the usage.
Regads,
Werner
Stefan Schmidt wrote:
dims,
Thanks for this tip, this seems much easier. However, I am still having
problems:
1. I assume that I include the WSS4JHandler directly in my handler
chain:
webservices.xml
...
<handler>
<handler-name>Security Handler</handler-name>
<handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
<!--
<init-param>
<param-name>passwordCallbackClass</param-name>
<param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
</init-param>
-->
</handler>
...
2. I think I have to the define the required action eg: encrypt, sign,
username, etc. Where do I find a compilation of the action attributes
and their values so I know what exactly I should specify here.
3. I have tried to deploy the above posed handler and get the following
exception:
WSS4JHandler.processMessage: No deployment defined
(WSS4JHandler line 141)
Since I am not using Axis wsdd's there is no 'deployment' tag in my
JAXRPC Web service. How do I supply this information to
WSS4JHandler?
4. When I want to use username/password challenge I have to implement a
CallbackHandler and specify it just like in the Axis example - right?
Thanks!
Regards,
Stefan
<SNIP> <SNAP>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
