You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by dhogan <di...@forgerock.com> on 2013/12/13 17:06:33 UTC
Re: UsernameTokenValidator
I am running version 2.7.2 of org.apache.cxf.services.sts. I am plugging a
org.apache.ws.security.validate.UsernameTokenValidator subclass as the
Validator in the org.apache.cxf.sts.token.validator.UsernameTokenValidator
class. I was hoping to store some state generated in my
org.apache.ws.security.validate.UsernameTokenValidator instance in the
ServletRequest, which I hoped to pull out of the RequestData instance passed
to the
org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameToken,RequestData)
method via the getMsgContext() method in the RequestData class. Yet
getMsgContext() always returns null. I notice that the
org.apache.cxf.sts.token.validator.UsernameTokenValidator does not populate
this field by using the getWebServiceContext().getMessageContext() calls on
the TokenValidatorParameters instance passed to validateToken method. I
noticed that the SAMLTokenValidator does not do this either. Is this a bug
(for which I could submit a patch?), or am I missing something?
The PhaseInterceptorChain.getCurrentMessage() work-around works.
Dirk
--
View this message in context: http://cxf.547215.n5.nabble.com/UsernameTokenValidator-tp5707938p5737823.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: UsernameTokenValidator
Posted by dhogan <di...@forgerock.com>.
I would be happy to.
Dirk
--
View this message in context: http://cxf.547215.n5.nabble.com/UsernameTokenValidator-tp5707938p5737827.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: UsernameTokenValidator
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,
Yes I suppose all of the STS Validators should set the Message Context on
the RequestData object. Could you submit a patch?
Colm.
On Fri, Dec 13, 2013 at 4:06 PM, dhogan <di...@forgerock.com> wrote:
> I am running version 2.7.2 of org.apache.cxf.services.sts. I am plugging a
> org.apache.ws.security.validate.UsernameTokenValidator subclass as the
> Validator in the org.apache.cxf.sts.token.validator.UsernameTokenValidator
> class. I was hoping to store some state generated in my
> org.apache.ws.security.validate.UsernameTokenValidator instance in the
> ServletRequest, which I hoped to pull out of the RequestData instance
> passed
> to the
>
> org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameToken,RequestData)
> method via the getMsgContext() method in the RequestData class. Yet
> getMsgContext() always returns null. I notice that the
> org.apache.cxf.sts.token.validator.UsernameTokenValidator does not populate
> this field by using the getWebServiceContext().getMessageContext() calls on
> the TokenValidatorParameters instance passed to validateToken method. I
> noticed that the SAMLTokenValidator does not do this either. Is this a bug
> (for which I could submit a patch?), or am I missing something?
>
> The PhaseInterceptorChain.getCurrentMessage() work-around works.
>
> Dirk
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/UsernameTokenValidator-tp5707938p5737823.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com