You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/09/12 14:04:34 UTC
[jira] Updated: (WSS-245) WSHandlerConstants.PW_CALLBACK_REF isn't
correctly searched for
[ https://issues.apache.org/jira/browse/WSS-245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-245:
------------------------------------
Fix Version/s: 1.5.9
1.6
> WSHandlerConstants.PW_CALLBACK_REF isn't correctly searched for
> ---------------------------------------------------------------
>
> Key: WSS-245
> URL: https://issues.apache.org/jira/browse/WSS-245
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: WSS4J 1.5.8, Axis1.4, Java 5
> Reporter: Benjamin Temko
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 1.5.9, 1.6
>
> Original Estimate: 0.02h
> Remaining Estimate: 0.02h
>
> It looks as if only the MesageContext is searched for the PW_CALLBACK_REF property and not the HandlerOptions as well, as is the case for PW_CALLBACK_CLASS. When setting HandlerOptions on an Axis Service for UsernameToken processing on the client, you can do one of two things for configuring the PasswordCallback:
> HashMap<String, Object> hOptions = new HashMap<String, Object>();
> // options for username token handle
> hOptions.put("action", "UsernameToken");
> hOptions.put("passwordType", "PasswordDigest");
> hOptions.put("deployment", "client");
> hOptions.put("flow", "request-only");
> hOptions.put("user", username);
> hOptions.put("passwordCallbackRef", myCallBackClassObject);
> This, theoretically, simply grabs the reference to the object I hand to it and calls its "handle" method, and if I botch that, well, it's garbage in, garbage out.
> What I've been chasing is failure to handle the "passwordCallbackRef" option appropriately, and I've chased it down to this:
> in WSHandler(getPassword):799
> else if ((cbHandler = (CallbackHandler) getProperty(mc, refProp)) != null) {
> Chasing through the various methods, the outcome is that this line attempts to get the CallbackHandler directly from the MessageContext property list only, but does not also check the HandlerOptions. What should instead be done is:
> else if ((cbHandler = (CallbackHandler) getOption(refProp)) != null ||
> (cbHandler = (CallbackHandler) getProperty(mc, refProp)) != null) {
> This searches for the CallbackHandler from the HandlerOptions which has been set up as described above as well as checking the MessageContext. This is identical in operation to the way that the "passwordCallbackClass" option is searched for, i.e. via the both the HandlerOptions and the MessageContext.
> I made this change to my local copy of the WSS4J 1.5.8 source and it worked perfectly (or, at least, it worked as I expected it to work). The order can be reversed depending on which location for the property you want to override the other, but the order I have above is identical to the order in which PW_CALLBACK_CLASS is searched.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org