>Hmm, so probably exception is thrown only if password is in hashed form. >I'll try to check this. I'm testing it now, too.
>I'm not sure if putting ThreadLocal inside callback object is a good idea :/ >Maybe its better to create external object which will contain >ThreadLocal object and have same usefull data accessing methods. You >have to also remeber to clear this variable at the end of request. Fair enough. >For password in plain form it should work, but for hashed form you can >encounter a few problems. (sending plain password should be avoided >IMHO, so at least ssl should be used) >I usually keep user data during msg processing ( in ThreadLocal or >appContexts , depends on api ) so every service method has easy access >to it . Yes, I'm planning on an SSL connection. I'll let you know how the test pans out. I'll submit a test case via jira. -- View this message in context: http://www.nabble.com/WS-Security-and-UserTokens-t1543793.html#a4249407 Sent from the XFire - User forum at Nabble.com.
