Posted to java-user@axis.apache.org by Ruchith Fernando <ru...@gmail.com> on 2007/08/09 14:29:59 UTC

Re: Axis2 1.2, Rampart 1.2 passwordType question

Note that the "usage" flag of the
org.apache.ws.security.WSPasswordCallback instance passed into your
callback handler implementation is set to
WSPasswordCallback#USERNAME_TOKEN in the password digest case (since
we need to supply the password to compute the digest) and in the plain
text case it is set to WSPasswordCallback#USERNAME_TOKEN_UNKNOWN and
the password received is *available* in the
org.apache.ws.security.WSPasswordCallback instance to carry out
authentication at the callback handler. Therefore you can do your
validation here at your implementation of the callback handler.

Thanks,
Ruchith

On 7/25/07, Kevin TierOne <ke...@gmail.com> wrote:
> In the axis2 client, it looks like it is possible to configure password
> authentication with clear text passwords or a password digest.  Like this:
>
>         <passwordType>PasswordText</passwordType> or
>
>         <passwordType>PasswordDigest</passwordType>
>
> On the Axis2 server, my inflow security is similar to rampart's sample02:
>     <parameter name="InflowSecurity">
>       <action>
>         <items>UsernameToken Timestamp</items>
>         <passwordCallbackClass>myClass</passwordCallbackClass>
>       </action>
>     </parameter>
>
>
> Is it possible to configure the server to require a Password Digest?  It
> would be nice if I can configure the server to fail authentication if the
> password is sent in clear text.
>
> Thanks,
> Kevin
>


-- 
www.ruchith.org
www.wso2.org
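
A callback handler that applies the usage-flag distinction described in the reply to refuse plain text passwords, as an added example that is not part of the original thread or the Rampart samples. The class name `DigestOnlyPWCBHandler` and the in-memory user map are hypothetical, and the sketch assumes WSS4J treats an exception thrown from the handler as failed authentication.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical handler; reference it from <passwordCallbackClass> in the
// InflowSecurity parameter in place of "myClass".
public class DigestOnlyPWCBHandler implements CallbackHandler {

    // Constructed sample credential store; replace with a real user lookup.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "constructed-sample-password");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized callback");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            switch (pwcb.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN:
                // Digest case: supply the stored password so the digest can
                // be recomputed and compared with the one in the message.
                // getIdentifer() is the accessor's spelling in WSS4J 1.5.x.
                String stored = USERS.get(pwcb.getIdentifer());
                if (stored == null) {
                    throw new UnsupportedCallbackException(callback, "Authentication failed");
                }
                pwcb.setPassword(stored);
                break;
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Plain text case: the received password is in the callback.
                // Refuse it without reading or logging pwcb.getPassword().
                throw new UnsupportedCallbackException(callback,
                        "PasswordText is not accepted; use PasswordDigest");
            default:
                throw new UnsupportedCallbackException(callback, "Unsupported usage");
            }
        }
    }
}
```

By the time this handler rejects a PasswordText token the password has already crossed the wire, so transport protection is still needed to keep it from being exposed in the first place.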
