Password-Callback-Handler - Rampart policy sample01

[Steffen Engelmann <u2...@hs-harz.de>]

Hi

I have problems understanding the use of password callback handlers on server side. I tryed out the following example [1] and the rampart policy sample01. Why must the password be set on the server side? In my opinion, I need a seperate password callback handler on the client and an other one on the server side. On the client side the user credentials have to be set and on the server side only the user credentials have to be checked. 


1. Why is it necessary to set the password on the server-side like this?

  //When the client requests for the password to be added in to the 
  //UT element
  pwcb.setPassword("bobPW");

If I don't use the code line above, I get the fallowing error message:

  The security token could not be authenticated or authorized


2. What is the difference to set the user credentials with the following code [2] between the setting in an policy file, using an password callback handler and the code [3]?

[2]
  options.setUserName("apache");
  options.setPassword("password");

[3]
  private static Policy loadPolicy(String xmlPath) throws Exception {
    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
  }

If I use [2] I got the following error message:

  Missing wsse:Security header in request


3. How can I set the client side user credentials if I use generated stubs? The generation process generates two files <name of service>Stub and <name of service>CallbackHandler? I get the following error message:

  SOAP header missing


steffen

[1] http://wso2.org/library/3190

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org