As I understood it, it depends on the "usage code" (Werner/Dims can
validate :). For example, if you are expecting the username and password to
be sent as an input so you can validate, then:
    if (callbacks[i] instanceof WSPasswordCallback) {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        logInfo(pc);
        // We are doing authentication only, so the usage code must
        // match the WSPasswordCallback.USERNAME_TOKEN_UNKNOWN value
        // i.e. "5"
        if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
            throw new UnsupportedCallbackException(callbacks[i],
                "Usage code was not USERNAME_TOKEN_UNKNOWN - value was "
                + pc.getUsage());
        }
        // Get the username and password that were sent
        String username = pc.getIdentifer();
        String password = pc.getPassword();
        // Now pass them to your authentication mechanism; it throws
        // WSSecurityException.FAILED_AUTHENTICATION on failure
        authenticate(username, password);
    } else {
        throw new UnsupportedCallbackException(callbacks[i],
            "Unrecognized Callback");
    }
If on the other hand, you're a client who is making a request, then the
callback needs to find and "fill in" the password:
    if (callbacks[i] instanceof WSPasswordCallback) {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
        logInfo(pc);
        // We need the password to fill in, so the usage code must
        // match the WSPasswordCallback.USERNAME_TOKEN value
        // i.e. "2"
        if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
            throw new UnsupportedCallbackException(callbacks[i],
                "Usage code was not USERNAME_TOKEN - value was "
                + pc.getUsage());
        }
        // Get the username that was sent
        String username = pc.getIdentifer();
        // Now find the password from the user store, and set it
        String password = findPassword(username);
        pc.setPassword(password);
    } else {
        throw new UnsupportedCallbackException(callbacks[i],
            "Unrecognized Callback");
    }
Regards,
Sunil
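
The two fragments above, combined into one handler that dispatches on the usage code and rejects anything it does not expect. This is an added example, not code from the original message or from WSS4J itself; the class name, the USERS map, the matches() helper and the use of IOException to signal rejection are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.x package name

public class UsageAwarePasswordHandler implements CallbackHandler {
    // Constructed sample user store (hypothetical); replace with a real lookup.
    private static final Map<String, String> USERS = Map.of("alice", "correct-horse");

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            String stored = USERS.get(pc.getIdentifer());
            switch (pc.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // The password came in with the request: this handler must
                    // compare it and throw, or any password is accepted.
                    // IOException as the rejection signal is an assumption here;
                    // the message above throws a WSSecurityException instead.
                    if (!matches(stored, pc.getPassword())) {
                        throw new IOException("Authentication failed");
                    }
                    break;
                case WSPasswordCallback.USERNAME_TOKEN:
                    // The caller wants the password filled in for this user.
                    if (stored == null) {
                        throw new IOException("No password for user");
                    }
                    pc.setPassword(stored);
                    break;
                default:
                    // Fail closed on usage codes this handler was not written for.
                    throw new UnsupportedCallbackException(cb,
                        "Unexpected usage code " + pc.getUsage());
            }
        }
    }

    // Null-safe comparison; MessageDigest.isEqual avoids early exit on mismatch.
    static boolean matches(String stored, String supplied) {
        if (stored == null || supplied == null) return false;
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }
}
```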
-----Original Message-----
From: Schweter, Ryan [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 15, 2005 12:24
To: [email protected]
Subject: Password Callback Confusion
I'm obviously missing something right in front of me, but I'm not fully
comprehending the Callback model.
So the callback is called, and I'm supposed to get the users' password and
set it on the WSPasswordCallback obj. Where does the incoming password get
compared to the one from the user store (I looked in WSSecurityEngine and
didn't see it)? Should the PasswordCallback class compare? If so, what
should occur when an invalid user or password is discovered? Perhaps I've
set up something wrong in my test WS, but no matter what password I use, it
works.
Again, sorry if the answer is obvious.
Ryan Schweter
developer
IT Application Delivery
.: 512.742.7875
.: [EMAIL PROTECTED]