You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Jennifer Ruttan <je...@indivica.com> on 2013/10/31 20:34:00 UTC

Programatically Setting Password for WSS4JIn/OutInterceptor passwordCallbackClass?

Hi

I have a web service client that translates a request (in JSON) from a client into a SOAP message that is passed along to the actual web service. Because of the way that this "translator" needs to be configured, there will be multiple clients connecting to it and supplying their own UsernameToken username/password combinations.

The way that I configure the UsernameToken has been with:
Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
ctx.put("ws-security.username", username);
ctx.put("ws-security.password", password);

I'm not sure that the second line is necessary, because I still have to provide a "passwordCallbackClass" entry in the Map<String, Object> that is used as a parameter for the WSS4JOutInterceptor. The entry points to a class that extends CallbackHandler and supplies the password for the given username.

All of my configuration to this point has been done without Spring. What I want to do is supply an INSTANCE to passwordCallbackClass (or its equivalent) and not a String representing the name of the class. That way I can create a unique PasswordHandler for each request that includes the password for the given username.

Or is my configuration incorrect from the beginning?

Thanks
Jen

Re: Programatically Setting Password for WSS4JIn/OutInterceptor passwordCallbackClass?

Posted by Jennifer Ruttan <je...@indivica.com>.

I solved my own problem, I think. Instead of passwordCallbackClass, it's passwordCallbackRef (answer discovered here: http://ws.apache.org/wss4j/config.html)


On Oct 31, 2013, at 3:34 PM, Jennifer Ruttan <je...@indivica.com> wrote:

> Hi
> 
> I have a web service client that translates a request (in JSON) from a client into a SOAP message that is passed along to the actual web service. Because of the way that this "translator" needs to be configured, there will be multiple clients connecting to it and supplying their own UsernameToken username/password combinations.
> 
> The way that I configure the UsernameToken has been with:
> Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
> ctx.put("ws-security.username", username);
> ctx.put("ws-security.password", password);
> 
> I'm not sure that the second line is necessary, because I still have to provide a "passwordCallbackClass" entry in the Map<String, Object> that is used as a parameter for the WSS4JOutInterceptor. The entry points to a class that extends CallbackHandler and supplies the password for the given username.
> 
> All of my configuration to this point has been done without Spring. What I want to do is supply an INSTANCE to passwordCallbackClass (or its equivalent) and not a String representing the name of the class. That way I can create a unique PasswordHandler for each request that includes the password for the given username.
> 
> Or is my configuration incorrect from the beginning?
> 
> Thanks
> Jen
> 
> 
>