You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by TMueller <te...@permeance.com.au> on 2007/04/16 07:20:57 UTC
How to throw authentication exceptions when using
USERNAME_TOKEN_UNKNOWN
We are using USERNAME_TOKEN_UNKNOWN to implement our CallbackHandler.
WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN)
{
try
{
String username = pwcb.getIdentifer();
String password = pwcb.getPassword();
// do login
}
catch (Exception e)
{
throw new
WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION,
"failedAuthentication", new Object[] { username }, e);
}
}
However, the UsernameTokenProcessor wraps any IOException in a
WSSecurityException(WSSecurityException.FAILURE,"noPassword", new
Object[]{user}) so the error message in the SOAP fault is very misleading.
Would it make sense to change UsernameTokenProcessor to include:
} catch (WSSecurityException e) {
throw e;
}
or am I missing something about how to handle authentication failures
properly?
Thanks!
--
View this message in context: http://www.nabble.com/How-to-throw-authentication-exceptions-when-using-USERNAME_TOKEN_UNKNOWN-tf3582423.html#a10010357
Sent from the WSS4J mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org