Hi,
in case of PassowrdText this is not a bug. In this case the
callback shall check the
password if required (WSS4J cannot do itbecause there is no
algorithm specified how
to check a PasswordText). WSS4J delegates the password
check to
the password class if the password type is _not_
PasswordDigest. If the callback class
may throw an exception in case the password is wrong. You
may have a look
at:
interop/org/apache/ws/axis/oasis/PWCallback1.java.
I'll also add a topic to the FAQ about the callback in the
next days.
Regards,
Werner
Von: Zhang XieYao [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 17. Januar 2006 09:18
An: [email protected]
Betreff: Possible Bug?(about passwordType)Hi
i use wss4j on axis, snip of client-config.wsdd is :
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="wss4j2"/>
<parameter name="passwordType" value="PasswordText" /> <parameter name="passwordCallbackClass" value="study.PWCallback"/>
</handler>
But , any password will be allowed to call axis service.
If I set <parameter name="passwordType" value="PasswordDigest" />, it will be work very well.
Is it a bug ?
Best Regard
simon
