Hi all, I have a service "A" (secured with a policy on services.xml) and an STS (Rahas based, using the default issuer from Rampart distribution, also with a policy on services.xml). The scenario is as follows:
1.) A client application sends a request to service A, according to service A's policy. This request contains a SAML token issued by the STS. 2.) Service A receives the client request, and sends a response based on the validity of the SAML token. In order to check the validity of the SAML token, service A calls the "RequestSecurityToken" from the STS set to "RST/Validate". To make this request, service A loads the STS policy on the org.apache.axis2.client.ServiceClient instance. However, the Rampart handler throws a ClassNotFoundException referring to the password callback handler class. This class is deployed in the service, and is the same one used for the regular policy (without any problems). From the stack trace, it seems that the "wrong" class loader is being used. My question is: is there a way to specify which class loader to use (for the password callback class) when adding crypto configuration to the loaded policy? Thanks and regards, Joana -- Student Intern SAP Research - Security & Trust SAP Labs France 805 Avenue du Dr. Maurice Donat 06250 Mougins T +33/492286319 F +33/492286201 Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
