THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
For the server side, you'll want to set up the following properties on your WSS4JInInterceptor (see above for code sample):
Code Block |
---|
inProps.setPropertyput(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); // Password type : plain text inProps.setPropertyput(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); // for hashed password use: //properties.setPropertyput(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); // Callback used to retrieve password for given user. inProps.setPropertyput(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordHandler.class.getName()); |
...
Code Block | ||||
---|---|---|---|---|
| ||||
import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; public class ServerPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; if (pc.getIdentitygetIdentifer().equals("joe") { // set the password on the callback. This will be compared to the // password which was sent from the client. pc.setPassword("password"); } } } |
...
Code Block | ||||
---|---|---|---|---|
| ||||
public class ServerPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; if (pc.getIdentitygetIdentifer().equals("joe") { if (!pc.getPassword().equals("password")) { throw new SecurityException("wrong password"); } } } } |
On the Client side you'll want to configure the WSS4J outgoing properties:
Code Block |
---|
outProps.setPropertyput(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); // Specify our username outProps.setPropertyput(WSHandlerConstants.USER, "joe"); // Password type : plain text outProps.setPropertyput(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); // for hashed password use: //properties.setPropertyput(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); // Callback used to retrieve password for given user. outProps.setPropertyput(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName()); |
...
In the case of multiple users with different passwords, use the WSPasswordCallback's getIdentitygetIdentifer() (sic) method to obtain the username of the current SOAP request.
...