You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Kai Wei <we...@gmail.com> on 2004/12/04 00:41:10 UTC

ws-security (wss4j) question

All the client-config.wsdd files I have seen use a callback class to
return the password, as shown below.

	  <requestFlow>
	   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
	    <parameter name="action" value="UsernameToken"/>
	    <parameter name="user" value="user"/>
	    <parameter name="passwordType" value="PasswordText" />
	    <parameter name="passwordCallbackClass" 
	      value="org.apache.ws.axis.oasis.PWCallback"/>
	   </handler>
	  </requestFlow>

My question is: Is there anyway I can specify the password inline in
client-config.wsdd?

thanks a lot in advance.

Re: possible memory leak in WSSignEnvelope build

Posted by Davanum Srinivas <da...@gmail.com>.

Can you please open a bug report with a small test case?

thanks,
dims


On Wed, 8 Dec 2004 09:53:42 -0500, Ifelsethen CS <ol...@gmail.com> wrote:
> Hi,
> 
> I wonder if anyone has experienced the same problem.
> 
> I put WSSignEnvelope build operation in a for loop; input soap is
> about 1 mega bytes.
> Windows XP and Linux are slightly different but on both of them
> OutOfMemoryError is thrown after 2-4 runs with default heap setting.
> 
> Sizing heap makes the error appear only later.
> 
> --
> oldcat
> 


-- 
Davanum Srinivas - http://webservices.apache.org/~dims/

possible memory leak in WSSignEnvelope build

Posted by Ifelsethen CS <ol...@gmail.com>.

Hi,

I wonder if anyone has experienced the same problem.

I put WSSignEnvelope build operation in a for loop; input soap is
about 1 mega bytes.
Windows XP and Linux are slightly different but on both of them
OutOfMemoryError is thrown after 2-4 runs with default heap setting.

Sizing heap makes the error appear only later.

--
oldcat

Re: ws-security (wss4j) question

Posted by Werner Dittmann <We...@t-online.de>.

No, there is no way to do it unless you change the source.

Setting a password in the deployment files is a bad idea because these
files are cleartext and thus a password is not secure anymore.

regards,
Werner


Kai Wei schrieb:

>All the client-config.wsdd files I have seen use a callback class to
>return the password, as shown below.
>
>	  <requestFlow>
>	   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>	    <parameter name="action" value="UsernameToken"/>
>	    <parameter name="user" value="user"/>
>	    <parameter name="passwordType" value="PasswordText" />
>	    <parameter name="passwordCallbackClass" 
>	      value="org.apache.ws.axis.oasis.PWCallback"/>
>	   </handler>
>	  </requestFlow>
>
>My question is: Is there anyway I can specify the password inline in
>client-config.wsdd?
>
>thanks a lot in advance.
>
>  
>