Hi,

Please see the following thread:
http://marc.theaimsgroup.com/?l=wss4j-dev&w=2&r=1&s=Possible+Bug%3F%28about+passwordType%29&q=b

In the case of a plain text password you can carry out the authentication of the UsernameToken at the service, and you can get the user name and password from the message context as shown here:
http://marc.theaimsgroup.com/?l=wss4j-dev&m=114067336429534&w=2

Thanks,
Ruchith

On 3/2/06, Dustin Henson <[EMAIL PROTECTED]> wrote:
> Can anyone explain how WSPasswordCallback.setPassword() works within the
> Password Callback Handler?
>
> My code below is based on the example for validating a digested password. It
> loads a bean called 'cred' with the security information for the given user.
> It then checks the supplied password against the correct password by calling
> pc.setPassword(cred.password), at least that is my understanding of what
> setPassword() does.
>
> My confusion happens when the client sends a clear text password instead of a
> digested one. This code then accepts any password!
>
> I am sure I am missing something basic here. Can anyone explain it to me?
>
> for (int i = 0; i < callbacks.length; i++)
> {
>     // Get the login info passed to the WS
>     if (callbacks[i] instanceof WSPasswordCallback == false)
>     {
>         throw new UnsupportedCallbackException(callbacks[i], "LOGIN ERROR: Unrecognized Callback. Expected type WSPasswordCallback");
>     }
>     WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
>
>     String wsLogin = pc.getIdentifer();
>     String wsPassword = pc.getPassword();
>     System.out.println("Web Service Login Values:");
>     System.out.println(" wsLogin = " + wsLogin);
>     System.out.println(" wsPassword = " + wsPassword);
>
>     // Get the info for this login
>     LoginInfo cred;
>     try
>     {
>         cred = loginTool.getLoginInfo(wsLogin);
>         if (cred == null)
>         {
>             throw new IOException("LOGIN ERROR: The login '" + wsLogin + "' and password given did not authenticate.");
>         }
>     }
>     catch (SQLException e)
>     {
>         throw new IOException("LOGIN ERROR: Unable to connect to the security repository. Failed with error message: " + e.getMessage());
>     }
>     System.out.println("Login '" + wsLogin + "' found in security repository for agency '" + cred.agency + "'.");
>
>     // Validate the password given
>     System.out.println(" Required Password = " + cred.password);
>     System.out.println(" Password Before set = " + pc.getPassword());
>     // For digested password this computes an encrypted value that must equal the value sent
>     pc.setPassword(cred.password);
>     System.out.println(" Password After set = " + pc.getPassword());
> }
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
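
The difference between the two password types discussed in this thread, as an added example that is not code from the thread or from WSS4J. It uses only the JDK and follows the Password_Digest formula of the WS-Security UsernameToken Profile 1.0; the class name, the method names and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: service-side UsernameToken check for both password types.
public class UsernameTokenCheck {

    // Password_Digest = Base64(SHA-1(nonce + created + password)), where nonce
    // is the decoded nonce bytes (UsernameToken Profile 1.0).
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // digested == true : 'received' is a Password_Digest, so the expected value
    //                    is recomputed from the stored password.
    // digested == false: 'received' is the clear-text password; nothing is
    //                    recomputed, so it has to be compared explicitly.
    static boolean verify(boolean digested, String received, String nonceB64,
                          String created, String stored) throws Exception {
        if (received == null || stored == null) {
            return false;
        }
        String expected = stored;
        if (digested) {
            if (nonceB64 == null || created == null) {
                return false;
            }
            expected = digest(Base64.getDecoder().decode(nonceB64), created, stored);
        }
        // MessageDigest.isEqual compares in constant time on current JDKs.
        return MessageDigest.isEqual(received.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        String stored = "s3cret";
        String created = "2006-03-02T12:00:00Z";
        byte[] nonce = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String sentDigest = digest(nonce, created, stored);

        System.out.println("digest, right password: " + verify(true, sentDigest, nonceB64, created, stored));
        System.out.println("clear text, right password: " + verify(false, "s3cret", null, null, stored));
        System.out.println("clear text, wrong password: " + verify(false, "anything", null, null, stored));
    }
}
```

The example covers only the password comparison; the UsernameToken Profile also recommends that the receiver reject stale Created timestamps and already-seen nonces.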
