You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by An...@mro.com on 2006/02/09 21:18:21 UTC

Re: AW: wss4j usernametoken question : possible 2 bugs

Hi Werner
I looked up ur prev responses and figured a way out to call that security
handler while using the Call interface [DII client]. But I think I fould 2
bugs in the process.
Pls take a look at the code below:
[Bug 1????] Here if I set the PWCallBack instance using the REF property
then it does not work - it only works if I set the class name property.
[Bug 2????] Here even though I set the .PASSWORD_TYPE,
WSConstants.PASSWORD_TEXT - I see the soap message on wire using tcpmon and
I can see the password digest going through. So what I am missing?? OR this
is a bug?


Question:
Its not possible for the application to have the clear text password ready
to set into the PWCallBack class in the server side. The users might be
configured in the LDAP or j2ee containers user registry and there is no way
that the call back code can get the password in clear text format or not
get the password at all. So in that case I am not sure how does the axis
WSS work for username token profile. Does anyone see the problem here or I
am missing something?


  private static EngineConfiguration createClientConfig(String username,
String password)
  {
      try
      {
            SimpleProvider clientConfig=new SimpleProvider();

            Handler securityHandler= (Handler)new WSDoAllSender();

            securityHandler.setOption(WSHandlerConstants.ACTION,
"UsernameToken");




//securityHandler.setOption(WSHandlerConstants.SIG_PROP_FILE,this.WSS_SIG_PR
            //OPERTIES);
            securityHandler.setOption(WSHandlerConstants.PASSWORD_TYPE,
WSConstants.PASSWORD_TEXT);
            securityHandler.setOption(WSHandlerConstants.USER, username);

            securityHandler.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
"psdi.iface.webservices.PWCallBack");

            SimpleChain reqHandler=new SimpleChain();

            SimpleChain respHandler=new SimpleChain();

            // add the handler to the request

            reqHandler.addHandler(securityHandler);

            Handler pivot=(Handler)new HTTPSender();

            Handler transport=new SimpleTargetedChain(reqHandler, pivot,
null);

clientConfig.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME,transport);


            return clientConfig;

      }
      catch(Exception e)
      {
            e.printStackTrace();
            return null;
      }
  }

thanks
Anamitra



                                                                           
             "Dittmann,                                                    
             Werner"                                                       
             <werner.dittmann@                                          To 
             siemens.com>              <An...@mro.com>,   
                                       <ws...@ws.apache.org>           
             02/09/2006 02:06                                           cc 
             AM                                                            
                                                                   Subject 
                                       AW: wss4j usernametoken question    
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Anamitra,

do you have set up an Axis deployment file for your
client that instructs Axis to use the security handler?

Just setting the properties is not enough to invoke
the security handler. Please have a look in the interop/*
directories or consult the WSS4J Wiki pages.

Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: Anamitra.Bhattacharyya@mro.com
> [mailto:Anamitra.Bhattacharyya@mro.com]
> Gesendet: Mittwoch, 8. Februar 2006 21:37
> An: wss4j-dev@ws.apache.org
> Betreff: wss4j usernametoken question
>
>
> Hi
> I am trying to write a JAX-RPC DII client [so no stubs
> generated] to invoke
> a axis web service that has usernametoken ws security
> enabled. Have gone
> through all the docs and not able to figure out how to set
> username/password properties in the Call object to invoke the
> web service
> with WS security headers. My old code used to have
>
>       call.setProperty(Call.USERNAME_PROPERTY, username);
>       call.setProperty(Call.PASSWORD_PROPERTY, password);
>
> This doesn ot work anymore as it was prsumably setting into the http
> header.
>
> I tried this code
>
>         call.setProperty(UsernameToken.PASSWORD_TYPE,
> WSConstants.PASSWORD_TEXT);
>         call.setProperty(WSHandlerConstants.USER, username);
>
>         call.setProperty(WSHandlerConstants.PW_CALLBACK_REF,
> Class.forName("psdi.iface.webservices.PWCallBack").newInstance());
>
>
> And it does not generate the ws sec headers for username token. Just
> wondering how can I write a client in a standard way to do this
> invovocation?
>
> thanks
> Anamitra
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org