Hi
I have problems understanding the use of password callback handlers on server
side. I tryed out the following example [1] and the rampart policy sample01.
Why must the password be set on the server side? In my opinion, I need a
seperate password callback handler on the client and an other one on the server
side. On the client side the user credentials have to be set and on the server
side only the user credentials have to be checked.
1. Why is it necessary to set the password on the server-side like this?
//When the client requests for the password to be added in to the
//UT element
pwcb.setPassword("bobPW");
If I don't use the code line above, I get the fallowing error message:
The security token could not be authenticated or authorized
2. What is the difference to set the user credentials with the following code
[2] between the setting in an policy file, using an password callback handler
and the code [3]?
[2]
options.setUserName("apache");
options.setPassword("password");
[3]
private static Policy loadPolicy(String xmlPath) throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
If I use [2] I got the following error message:
Missing wsse:Security header in request
3. How can I set the client side user credentials if I use generated stubs? The
generation process generates two files <name of service>Stub and <name of
service>CallbackHandler? I get the following error message:
SOAP header missing
steffen
[1] http://wso2.org/library/3190
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
