Hi Angel,
On 3/15/07, Angel Todorov <[EMAIL PROTECTED]> wrote:
Hi Rampart Devs,
Is it possible to use signature, encryption and authentication with
rampart, using the same callback handler ?
I also want to use different usernames and passwords for UsernameToken
and Signature.
This is related to :
https://issues.apache.org/jira/browse/RAMPART-27
Yes
but i would also want to manipulate different passwords for username
and signature, using the same PWCBHandler.
For example, in the handler of the UsernameToken example (sample01), I have:
for (int i = 0; i < callbacks.length; i++) {
//When the server side need to authenticate the user
WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
if(pwcb.getIdentifer().equals("alice") &&
pwcb.getPassword().equals("bobPW")) {
return;
} else {
throw new
UnsupportedCallbackException(callbacks[i], "check failed");
}
}
//When the client requests for the password to be added in to the
//UT element
pwcb.setPassword("bobPW");
====
while, in the handler of the Signature and Encryption example
(sample03) , I have:
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
String id = pwcb.getIdentifer();
if("client".equals(id)) {
pwcb.setPassword("apache");
} else if("service".equals(id)) {
pwcb.setPassword("apache");
}
====
How can this be combined? Thanks very much in advance.
Providing different passwords for UsernameToken and Signature is
possible. You can check usage flag of the WSPasswordCallback instance
and then decide which password to provide. In the case where the
callback is looking for the password for signature the usage value
will be org.apache.ws.security.WSPasswordCallback.SIGNATURE
Thanks,
Ruchith
Regards,
Angel
--
www.ruchith.org
www.wso2.org
