[
https://issues.apache.org/jira/browse/WSS-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022061#comment-13022061
]
Colm O hEigeartaigh commented on WSS-279:
-----------------------------------------
I assume you're talking about the UsernameTokenValidator. What source
distribution are you referring to? It constructs a WSPasswordCallback object
like this:
WSPasswordCallback pwCb =
new WSPasswordCallback(user, null, pwType,
WSPasswordCallback.USERNAME_TOKEN, data);
The password is null because the CallbackHandler is only expected to supply a
password from now on, and not do any validation. The UsernameTokenValidator
gets the password returned from the CallbackHandler and does the validation
itself. See this blog entry for more details:
http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html
Colm.
> WSPasswordCallback method getPasswordType() was removed in 1.6.0 without
> being deprecated in 1.5.11.
> ----------------------------------------------------------------------------------------------------
>
> Key: WSS-279
> URL: https://issues.apache.org/jira/browse/WSS-279
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.6
> Reporter: Gary D. Gregory
> Assignee: Colm O hEigeartaigh
>
> WSPasswordCallback method getPasswordType() was removed in 1.6.0 without
> being deprecated in 1.5.11.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
