[
https://issues.apache.org/jira/browse/WSS-245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated WSS-245:
------------------------------------
Fix Version/s: 1.5.9, 1.6
> WSHandlerConstants.PW_CALLBACK_REF isn't correctly searched for
> ---------------------------------------------------------------
>
> Key: WSS-245
> URL: https://issues.apache.org/jira/browse/WSS-245
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: WSS4J 1.5.8, Axis1.4, Java 5
> Reporter: Benjamin Temko
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 1.5.9, 1.6
>
> Original Estimate: 0.02h
> Remaining Estimate: 0.02h
>
> It looks as if only the MessageContext is searched for the PW_CALLBACK_REF
> property and not the HandlerOptions as well, as is the case for
> PW_CALLBACK_CLASS. When setting HandlerOptions on an Axis Service for
> UsernameToken processing on the client, you can do one of two things for
> configuring the PasswordCallback:
>
>     HashMap<String, Object> hOptions = new HashMap<String, Object>();
>     // options for username token handle
>     hOptions.put("action", "UsernameToken");
>     hOptions.put("passwordType", "PasswordDigest");
>     hOptions.put("deployment", "client");
>     hOptions.put("flow", "request-only");
>     hOptions.put("user", username);
>     hOptions.put("passwordCallbackRef", myCallBackClassObject);
>
> This, theoretically, simply grabs the reference to the object I hand to it
> and calls its "handle" method, and if I botch that, well, it's garbage in,
> garbage out.
> What I've been chasing is failure to handle the "passwordCallbackRef" option
> appropriately, and I've chased it down to this:
> in WSHandler(getPassword):799
>     else if ((cbHandler = (CallbackHandler) getProperty(mc, refProp)) != null) {
> Chasing through the various methods, the outcome is that this line attempts
> to get the CallbackHandler directly from the MessageContext property list
> only, but does not also check the HandlerOptions. What should instead be
> done is:
>     else if ((cbHandler = (CallbackHandler) getOption(refProp)) != null ||
>              (cbHandler = (CallbackHandler) getProperty(mc, refProp)) != null) {
> This searches for the CallbackHandler from the HandlerOptions which has been
> set up as described above as well as checking the MessageContext. This is
> identical in operation to the way that the "passwordCallbackClass" option is
> searched for, i.e. via both the HandlerOptions and the MessageContext.
> I made this change to my local copy of the WSS4J 1.5.8 source and it worked
> perfectly (or, at least, it worked as I expected it to work). The order can
> be reversed depending on which location for the property you want to override
> the other, but the order I have above is identical to the order in which
> PW_CALLBACK_CLASS is searched.
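The lookup order discussed in the issue above, as an added example that is not part of the original report or of the WSS4J source. It is a stand-alone Java model: two maps stand in for the handler options and the MessageContext properties, and the class name, method names and sample password are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;

// Stand-alone model of the lookup described in WSS-245; not WSS4J source.
public class CallbackRefLookup {
    static final String REF_PROP = "passwordCallbackRef";

    // Hypothetical stand-ins for the handler options and the MessageContext properties.
    final Map<String, Object> handlerOptions = new HashMap<>();
    final Map<String, Object> messageContext = new HashMap<>();
    Object getOption(String key) { return handlerOptions.get(key); }
    Object getProperty(Map<String, Object> mc, String key) { return mc.get(key); }

    // Behaviour reported for 1.5.8: only the message context is consulted.
    CallbackHandler lookupContextOnly() {
        return asHandler(getProperty(messageContext, REF_PROP));
    }

    // Proposed behaviour: handler options first, then the message context.
    CallbackHandler lookupOptionsThenContext() {
        CallbackHandler h = asHandler(getOption(REF_PROP));
        return h != null ? h : asHandler(getProperty(messageContext, REF_PROP));
    }

    // Reject a wrongly typed value instead of failing with ClassCastException.
    static CallbackHandler asHandler(Object o) {
        return (o instanceof CallbackHandler) ? (CallbackHandler) o : null;
    }

    public static void main(String[] args) throws Exception {
        CallbackRefLookup handler = new CallbackRefLookup();
        CallbackHandler cb = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof PasswordCallback) {
                    ((PasswordCallback) c).setPassword("constructed-secret".toCharArray());
                }
            }
        };
        handler.handlerOptions.put(REF_PROP, cb); // set as in the report, via options only
        System.out.println("context only finds handler: " + (handler.lookupContextOnly() != null));
        CallbackHandler found = handler.lookupOptionsThenContext();
        PasswordCallback pc = new PasswordCallback("password: ", false);
        found.handle(new Callback[] { pc });
        System.out.println("options then context: " + new String(pc.getPassword()));
    }
}
```

With the handler registered only in the options map, the context-only lookup returns nothing, which is the failure mode the reporter traced; a client that silently ends up without a password callback cannot build the UsernameToken digest.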