Versions Compared

Comment: changed method names in usertoken example

...

For the server side, you'll want to set up the following properties on your WSS4JInInterceptor (see above for code sample):

Code Block
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
// Password type : plain text (the password is sent unhashed in the SOAP header,
// so protect the transport, e.g. with TLS)
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
// for hashed password use:
//inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
// Callback used to retrieve password for given user.
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordHandler.class.getName());

...

Code Block
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        if (pc.getIdentifer().equals("joe")) {
            // set the password on the callback. This will be compared to the
            // password which was sent from the client.
            pc.setPassword("password");
        }
    }

}

...

Code Block
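import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        if (pc.getIdentifer().equals("joe")) {
            // compare the password sent by the client with the expected one
            if (!"password".equals(pc.getPassword())) {
                throw new SecurityException("wrong password");
            }
        } else {
            // reject identifiers this handler does not know, so that they
            // are not accepted by default
            throw new SecurityException("unknown user");
        }
    }

}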

On the client side, you'll want to configure the WSS4J outgoing properties:

Code Block
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
// Specify our username
outProps.put(WSHandlerConstants.USER, "joe");
// Password type : plain text (the password is sent unhashed in the SOAP header,
// so protect the transport, e.g. with TLS)
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
// for hashed password use:
//outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
// Callback used to retrieve password for given user.
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName());

...

In the case of multiple users with different passwords, use the WSPasswordCallback's getIdentifer() (sic) method to obtain the username of the current SOAP request.
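
A multi-user handler built on getIdentifer(), as an added example that is not part of the original page or of the CXF/WSS4J code. The class name MultiUserPasswordCallback and the in-memory credential map are hypothetical, and the code assumes the WSS4J 1.5.x API used above, in which getUsage() returns WSPasswordCallback.USERNAME_TOKEN_UNKNOWN when the handler itself must validate the supplied password.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical handler name; register it through WSHandlerConstants.PW_CALLBACK_CLASS.
public class MultiUserPasswordCallback implements CallbackHandler {

    // Constructed sample credentials; a real service would query its user store here.
    private static final Map<String, String> PASSWORDS = new HashMap<String, String>();
    static {
        PASSWORDS.put("joe", "password");
        PASSWORDS.put("alice", "another-password");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Look up the expected password by the username of the current request.
            String expected = PASSWORDS.get(pc.getIdentifer());
            if (expected == null) {
                // Unknown user: fail closed, with the same message as a bad password.
                throw new SecurityException("authentication failed");
            }

            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                // The handler validates the supplied password itself (assumed 1.5.x behaviour).
                String supplied = pc.getPassword();
                if (supplied == null || !MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8),
                        supplied.getBytes(StandardCharsets.UTF_8))) {
                    throw new SecurityException("authentication failed");
                }
            } else {
                // WSS4J compares or hashes the password itself; just hand it over.
                pc.setPassword(expected);
            }
        }
    }
}
```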

...