Posted to wss4j-dev@ws.apache.org by Vitali Heinrich <vi...@googlemail.com> on 2009/07/14 10:54:47 UTC

PasswordDigest and PasswordText difference

Hi all,

I'm trying to implement WSS4J in our project.
First I tried to implement UsernameToken with PasswordDigest and
PasswordText.
It works, but it is a little bit strange.
When I use PasswordDigest with a wrong password, I get an exception (fine).
But when I use PasswordText with a wrong password, I do not get any
exceptions. Why?
Is it a bug, or is there something that I don't understand?

I use wss4j 1.5.7

My PWCallbackClass looks like this:

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if(callback instanceof WSPasswordCallback){
            WSPasswordCallback passwordCallback = (WSPasswordCallback)callback;
            String username = passwordCallback.getIdentifier();
            String password = MyUtility.getPassword(username);

            passwordCallback.setPassword(password);
        }
    }
}


Properties on client side:
call.setClientHandlers(new WSDoAllSender(), null);
call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
call.setProperty(UsernameToken.PASSWORD_TYPE,WSConstants.PW_TEXT);
// or call.setProperty(UsernameToken.PASSWORD_TYPE,WSConstants.PW_DIGEST);
call.setProperty(WSHandlerConstants.USER, "user");
call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordCallbackHandler.class.getName());
call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "true");


..and on server side:
action=UsernameToken
passwordCallbackClass=com.asy.callback.PasswordProvider

Can somebody help me?
-- 
Best regards
Vitali Heinrich

RE: PasswordDigest and PasswordText difference

Posted by Colm O hEigeartaigh <co...@progress.com>.
> Probably PasswordText is to check Username and Password by myself and PasswordDigest is checking automatically.

Correct.

> Now I would like to switch by PasswordType, but when I use PasswordDigest on the client side, I get a null in my PWCallbackClass when I use

I just fixed that on the relevant branch actually. What you can do instead is query the getUsage() method on the WSPasswordCallback object. It will be of type WSPasswordCallback.USERNAME_TOKEN for a digested password, and WSPasswordCallback.USERNAME_TOKEN_UNKNOWN for a plaintext password or a password of unknown type.

Colm.

________________________________

From: Vitali Heinrich [mailto:vitali.heinrich@googlemail.com] 
Sent: 14 July 2009 13:40
To: wss4j-dev@ws.apache.org
Subject: Re: PasswordDigest and PasswordText difference

 

Hi all,

I think I know the reason now.
Probably PasswordText is to check Username and Password by myself and PasswordDigest is checking automatically.

Now I would like to switch by PasswordType, but when I use PasswordDigest on the client side, I get a null in my PWCallbackClass when I use:
passwordCallback.getPasswordType();
With PasswordText I get the right String (WSConstants.PASSWORD_TEXT ).

2009/7/14 Vitali Heinrich <vi...@googlemail.com>

Hi all,

I'm trying to implement WSS4J in our project.
First I tried to implement UsernameToken with PasswordDigest and PasswordText.
It works, but it is a little bit strange.
When I use PasswordDigest with a wrong password, I get an exception (fine).
But when I use PasswordText with a wrong password, I do not get any exceptions. Why?
Is it a bug, or is there something that I don't understand?

I use wss4j 1.5.7

My PWCallbackClass looks like this:

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if(callback instanceof WSPasswordCallback){
            WSPasswordCallback passwordCallback = (WSPasswordCallback)callback;
            String username = passwordCallback.getIdentifier();
            String password = MyUtility.getPassword(username);
            
            passwordCallback.setPassword(password);
        }
    }
}


Properties on client side:
call.setClientHandlers(new WSDoAllSender(), null);
call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
call.setProperty(UsernameToken.PASSWORD_TYPE,WSConstants.PW_TEXT);
// or call.setProperty(UsernameToken.PASSWORD_TYPE,WSConstants.PW_DIGEST);
call.setProperty(WSHandlerConstants.USER, "user");
call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordCallbackHandler.class.getName());
call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "true");


..and on server side:
action=UsernameToken
passwordCallbackClass=com.asy.callback.PasswordProvider

Can somebody help me?
-- 
Best regards
Vitali Heinrich




-- 
Viele Grüße
Vitali Heinrich
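
The split Colm describes above, as an added example that is not part of the original thread or WSS4J's own code: a server-side handler for WSS4J 1.5.x that branches on getUsage(), supplying the stored password for a digest token and comparing the received password itself for a plaintext token. The class name and the in-memory user map (standing in for the poster's MyUtility.getPassword) are assumptions.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical class name; a server-side sketch that handles UsernameToken only.
public class UsageAwarePasswordHandler implements CallbackHandler {

    // Constructed sample store standing in for MyUtility.getPassword(username).
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("user", "constructed-sample-password");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String expected = USERS.get(pc.getIdentifier());
            if (expected == null) {
                throw new UnsupportedCallbackException(callback, "Authentication failed");
            }
            switch (pc.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN:
                // Digest: hand over the stored password; WSS4J recomputes the digest and compares.
                pc.setPassword(expected);
                break;
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Plaintext or unknown type: getPassword() holds the value received in the
                // message, and per the thread nothing else checks it, so compare here.
                String received = pc.getPassword();
                if (received == null || !MessageDigest.isEqual(
                        expected.getBytes("UTF-8"), received.getBytes("UTF-8"))) {
                    throw new UnsupportedCallbackException(callback, "Authentication failed");
                }
                break;
            default:
                throw new UnsupportedCallbackException(callback, "Unexpected usage");
            }
        }
    }
}
```

The same failure message is used for an unknown user and a wrong password so the response does not reveal which usernames exist.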


Re: PasswordDigest and PasswordText difference

Posted by Vitali Heinrich <vi...@googlemail.com>.
Hi all,

I think I know the reason now.
Probably PasswordText is to check Username and Password by myself and
PasswordDigest is checking automatically.

Now I would like to switch by PasswordType, but when I use PasswordDigest on
the client side, I get a null in my PWCallbackClass when I use:
passwordCallback.getPasswordType();
With PasswordText I get the right String (WSConstants.PASSWORD_TEXT ).

2009/7/14 Vitali Heinrich <vi...@googlemail.com>

> Hi all,
>
> I'm trying to implement WSS4J in our project.
> First I tried to implement UsernameToken with PasswordDigest and
> PasswordText.
> It works, but it is a little bit strange.
> When I use PasswordDigest with a wrong password, I get an exception (fine).
> But when I use PasswordText with a wrong password, I do not get any
> exceptions. Why?
> Is it a bug, or is there something that I don't understand?
>
> I use wss4j 1.5.7
>
> My PWCallbackClass looks like this:
>
> public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
>     for (Callback callback : callbacks) {
>         if(callback instanceof WSPasswordCallback){
>             WSPasswordCallback passwordCallback = (WSPasswordCallback)callback;
>             String username = passwordCallback.getIdentifier();
>             String password = MyUtility.getPassword(username);
>
>             passwordCallback.setPassword(password);
>         }
>     }
> }
>
>
> Properties on client side:
> call.setClientHandlers(new WSDoAllSender(), null);
> call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> call.setProperty(UsernameToken.PASSWORD_TYPE,WSConstants.PW_TEXT);
> // or call.setProperty(UsernameToken.PASSWORD_TYPE,WSConstants.PW_DIGEST);
> call.setProperty(WSHandlerConstants.USER, "user");
>
> call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordCallbackHandler.class.getName());
> call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "true");
>
>
> ..and on server side:
> action=UsernameToken
> passwordCallbackClass=com.asy.callback.PasswordProvider
>
> Can somebody help me?
> --
> Best regards
> Vitali Heinrich
>



-- 
Viele Grüße
Vitali Heinrich