Hi all, I wanted to add username/password token in my request to my sts service. I'm using the STSClient from rahas and tried with this
Options options = new Options(); options.setUserName("user"); options.setPassword("pass"); options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("policy/sts_policy.xml")); stsClient.setOptions(options); But the messages don't have a security header. Alos how should I configure the callback handler, since it need to both validate the username password and fetch the certificate for validating the signed message. Should it be something like this if(pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN){ /* Do password validation*/ } if(pwcb.getUsage() == WSPasswordCallback.SIGNATURE){ /* Do set password for keystore*/ } cheers, Håkon -- Håkon Sagehaug, Scientific Programmer Parallab, Bergen Center for Computational Science (BCCS) UNIFOB AS (University of Bergen Research Company)