You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Steffen Schäffner <st...@seetec.de> on 2011/04/27 12:53:56 UTC
Problems with WS-Security UsernameToken authorization
Is it possible to change the algorithm which calculates the digest?
Currently I am doing it this way:
Endpoint endpoint = client.getEndpoint();
Map<String, Object> properties = new HashMap<String, Object>();
properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
properties.put(WSHandlerConstants.USER, username);
properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
properties.put(WSHandlerConstants.PW_CALLBACK_CLASS, MyPasswordCallbackHandler.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(properties);
endpoint.getOutInterceptors().add(wssOut);
// MyPasswordCallbackHandler
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callbacks[0];
wsPasswordCallback.setPassword(password);
}
Are there any alternative ways to calculate the digest?
Thanks!
Re: Problems with WS-Security UsernameToken authorization
Posted by Colm O hEigeartaigh <co...@apache.org>.
> Is it possible to change the algorithm which calculates the digest?
No, you must use SHA-1, as this is what the UsernameToken Profile 1.1
mandates. Could you explain the use-case you have in more detail?
Colm.
2011/4/27 Steffen Schäffner <st...@seetec.de>:
> Is it possible to change the algorithm which calculates the digest?
>
> Currently I am doing it this way:
>
> Endpoint endpoint = client.getEndpoint();
> Map<String, Object> properties = new HashMap<String, Object>();
> properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> properties.put(WSHandlerConstants.USER, username);
> properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
> properties.put(WSHandlerConstants.PW_CALLBACK_CLASS, MyPasswordCallbackHandler.class.getName());
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(properties);
> endpoint.getOutInterceptors().add(wssOut);
>
> // MyPasswordCallbackHandler
>
> @Override
> public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
> WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callbacks[0];
> wsPasswordCallback.setPassword(password);
> }
>
> Are there any alternative ways to calculate the digest?
>
> Thanks!
>