You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Ulf Dittmer <ul...@ulfdittmer.com> on 2006/02/16 10:13:44 UTC

Re: WSS4j with "passwordText" doesn't work

Hi-

It's a little counter-intuitive, because it works in different ways
depending on whether you use cleartext or digested passwords. I'm
attaching a handler that does both, and which works fine for me.

Ulf


// the username and password we expect incoming WS calls to use
private String user = "wsuser";
private String pwd = "wspwd";

public void handle (Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
  for (int i = 0; i < callbacks.length; i++) {
    if (callbacks[i] instanceof WSPasswordCallback) {
      WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

      if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
        // digested password
        if (user.equals(pc.getIdentifer()))
          pc.setPassword(pwd);
      } else if (pc.getUsage() ==
WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
        // cleartext password
        if (! user.equals(pc.getIdentifer()))
          throw new IOException("unknown user: "+pc.getIdentifer());

        if (! pwd.equals(pc.getPassword()))
          throw new IOException("password incorrect for user:
"+pc.getIdentifer());
      }
    } else {
      throw new UnsupportedCallbackException(callbacks[i], "Unrecognized
Callback");
    }
  }
}