We do not need any information from the password callback handler during signature verification since, either, the signing party's cert is available in the message or we can obtain it from the reference information provided using the key store specified in the signatureProperties.
If you want to do this only with signature IMO you will have to do this in another handler. And you can process the security results (Example : [1]) and figure out the signing party. Thanks, Ruchith [1] http://www.wso2.net/kb/169 On 10/23/06, Dave Bagguley <[EMAIL PROTECTED]> wrote:
Hello, I am trying to use Signature to protect access to a service. What I want to do is after verifying the signature, check that the user is allowed to access the method they are trying to call. I want to do this without having to change my existing service so I want to do it in a passwordcallback class. I can do this when I use UsernameToken instead of signatures but Signatures don't seem to make use of passwordcallback classes. Is there any way i can force a passwordcallback class to be used? Thanks _________________________________________________________________ Windows Liveā¢ Messenger has arrived. Click here to download it for free! http://imagine-msn.com/messenger/launch80/?locale=en-gb --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
