You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Marcello Ribeiro <ma...@contmatic.com.br> on 2014/01/20 14:05:08 UTC

CXF - WSS4INTERCEPTOR - USERNAME

Is there any way to send username/password from client to server just 
once, using WSS4iNTERCEPTOR? Only during the first login?
I think about keeping a token and using it all next times instead of 
storing username/password to be sent every logins.

In case of a mobile app running in Android as CXF WS client, would it be 
a good practice to store username/password to be used in the other logins?
I don´t think so, but at same time i am looking for solutions to avoid 
password being "hacked" directly in the device;

Att,
Marcello Ribeiro

Re: CXF - WSS4INTERCEPTOR - USERNAME

Posted by Sergey Beryozkin <sb...@gmail.com>.

Hi

I think you are on the right path, you don't really want to request a 
user to enter the name & password into the application this user has 
just installed on the phone.

So get the user obtain a token, a 'binary' token in WS-Security terms, 
and enter this token into the device; and yes, OAuth2 Bearer token can 
be a good candidate

Sergey

On 20/01/14 13:05, Marcello Ribeiro wrote:
> Is there any way to send username/password from client to server just
> once, using WSS4iNTERCEPTOR? Only during the first login?
> I think about keeping a token and using it all next times instead of
> storing username/password to be sent every logins.
>
> In case of a mobile app running in Android as CXF WS client, would it be
> a good practice to store username/password to be used in the other logins?
> I don´t think so, but at same time i am looking for solutions to avoid
> password being "hacked" directly in the device;
>
> Att,
> Marcello Ribeiro