Hello,
Following the emails below found from last year, I have a simple
question and hope someone can answer me.
I just want to use WSDoAllSender handler to make the SOAP message appear
with ws-security header, and embed the username as the token inside the
message. I don't want to use any password protection. So can I just use
the following struction and leave the password callback stuff out or
specify some empty information?
Something like,
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="user"/>
</handler>
</requestFlow>
Is this allowed?
jake
>-----Original Message-----
>From: Werner Dittmann [mailto:[EMAIL PROTECTED]
>Sent: 05 December 2004 15:45
>To: Kai Wei
>Cc: [email protected]
>Subject: Re: ws-security (wss4j) question
>
>No, there is no way to do it unless you change the source.
>
>Setting a password in the deployment files is a bad idea
>because these files are cleartext and thus a password is not
>secure anymore.
>
>regards,
>Werner
>
>
>Kai Wei schrieb:
>
>>All the client-config.wsdd files I have seen use a callback class to
>>return the password, as shown below.
>>
>> <requestFlow>
>> <handler
>type="java:org.apache.ws.axis.security.WSDoAllSender" >
>> <parameter name="action" value="UsernameToken"/>
>> <parameter name="user" value="user"/>
>> <parameter name="passwordType" value="PasswordText" />
>> <parameter name="passwordCallbackClass"
>> value="org.apache.ws.axis.oasis.PWCallback"/>
>> </handler>
>> </requestFlow>
>>
>>My question is: Is there anyway I can specify the password inline in
>>client-config.wsdd?
>>
>>thanks a lot in advance.
>>
>>
>>
>
>
