Had a co-worker writing some testing code against a SOAP service that I wrote that is protected with the WS-Security using a Timestamp and UsernameToken in the Security Header. As he was trying to debug his application he kept on telling me that he was getting an error of :
WSSecurityEngine: Callback supplied no password for: [EMAIL PROTECTED] even though he knew that a password was being supplied in the request and when we watched through the TCP Monitor sure enough it was there. In backtracking through it looks like that in the WSSecurityEngine it is catching the UnsupportedCallbackException that I throw in my PasswordCallbackHandler and not using the error message that I supply. If there is no user in the LDAP call I throw an UnsupportedCallbackException with a "noSuchUser" message. In the Engine on line 887 it catches that and then defaults to a "noPassword" message when it throws the WSSecurityException. Is this the planned operation or should it allow different error responses to flow back up the Exception chain? -- Steve Brunton <[EMAIL PROTECTED]> Phone: 404-885-2436 Chief Engineer AOL IM : schitzo42 CNN Internet Technologies ICBM: 84W 23' 45" 33N 45' 29" <*> Borrow money from pessimists-they don't expect it back. <*>
