THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Note that for the special case of a plain-text password (or any other yet unknown password type), the password validation is delegated to the callback class, see org.apache.ws.security.processor.UsernameTokenProcessor#handleUsernameToken() method javadoc of the WSS4Jproject. In that case, the ServerPasswordCallback should be somethine something like the following one:
Code Block | ||||
---|---|---|---|---|
| ||||
public class ServerPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; if (pc.getId().equals("joe") { if (!pc.getPassword().equals("password")) { throw new SecurityException("wrong password"); } } } } |
...