You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Ruchith Fernando <ru...@gmail.com> on 2006/10/24 05:44:58 UTC
Re: Making WSS4J use a password callback class when only Signature is used.
We do not need any information from the password callback handler
during signature verification since, either, the signing party's cert
is available in the message or we can obtain it from the reference
information provided using the key store specified in the
signatureProperties.
If you want to do this only with signature IMO you will have to do
this in another handler. And you can process the security results
(Example : [1]) and figure out the signing party.
Thanks,
Ruchith
[1] http://www.wso2.net/kb/169
On 10/23/06, Dave Bagguley <da...@hotmail.com> wrote:
> Hello,
>
> I am trying to use Signature to protect access to a service. What I want to
> do is after verifying the signature, check that the user is allowed to
> access the method they are trying to call. I want to do this without having
> to change my existing service so I want to do it in a passwordcallback
> class. I can do this when I use UsernameToken instead of signatures but
> Signatures don't seem to make use of passwordcallback classes. Is there any
> way i can force a passwordcallback class to be used?
>
> Thanks
>
> _________________________________________________________________
> Windows Liveā¢ Messenger has arrived. Click here to download it for free!
> http://imagine-msn.com/messenger/launch80/?locale=en-gb
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org