Hi All,

We need to authenticate calls to our web services that send the password either as plain text (WSS Password Type: PasswordText) or as a digest (WSS Password Type: PasswordDigest). In addition, I need to authenticate by LDAP to an Active Directory.

The plain text thing works, either with WSS4JInInterceptor and a custom password callback handler or by subclassing AbstractUsernameTokenAuthenticatingInterceptor and overwriting the createSubject() method in there. So far so good.

The digest thing, on the other hand, I am not able to get running. WSS4JInInterceptor cannot be used because it requires getting the plain text password from the AD, which is not possible. So, I tried AbstractUsernameTokenAuthenticatingInterceptor (whose javadoc sounds like it is intended to be used for my specific use case). But as soon as the password is digested, my overwritten createSubject() method is never called and therefore the authentication fails.

As far as I can see, there are two calls to that method. One is restricted to the plain text password case (DelegatingCallbackHandler.handle()), the other to the CustomUsernameTokenProcessor. So, am I missing some configuration setting so that the custom processor is used? Or is there even a bug?

Kind regards

Michael Dänzer
MSc UZH, Software Developer
Ivyteam AG
Alpenstrasse 9
CH-6403 Zug
Switchboard: +41 (0) 58 666 34 34
e-mail: [email protected]
web: www.soreco.ch
soreco swiss business software since 1988
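The constraint described in the message above, as an added example that is not part of the original post and is not CXF or WSS4J code: the WSS UsernameToken Profile defines the digest as Base64(SHA-1(nonce + created + password)), so the receiver can only check it by recomputing it from the clear-text password. The class and method names are hypothetical and all sample values are constructed; only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical demo class, JDK only.
public class UsernameTokenDigestDemo {

    // Password_Digest = Base64( SHA-1( nonce + created + password ) ).
    // The nonce travels Base64-encoded and is decoded before hashing.
    static String passwordDigest(String nonceB64, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Receiver-side check: needs the clear-text password to recompute the digest.
    static boolean verify(String receivedDigest, String nonceB64, String created,
                          String clearTextPassword) throws NoSuchAlgorithmException {
        byte[] expected = passwordDigest(nonceB64, created, clearTextPassword)
                .getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual avoids an early-exit comparison.
        return MessageDigest.isEqual(expected,
                receivedDigest.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real message.
        String nonce = Base64.getEncoder().encodeToString(
                "constructed-nonce".getBytes(StandardCharsets.UTF_8));
        String created = "2024-01-01T00:00:00Z";
        String password = "s3cret-constructed";

        String onTheWire = passwordDigest(nonce, created, password);
        System.out.println("Password_Digest: " + onTheWire);
        System.out.println("right password:  " + verify(onTheWire, nonce, created, password));
        System.out.println("wrong password:  " + verify(onTheWire, nonce, created, "other"));

        // An LDAP simple bind takes the password itself. The digest is bound to a
        // per-message nonce and timestamp, so it can neither be passed to a bind
        // nor compared with a password hash held by the directory.
    }
}
```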
