Let me add, one of my points of confusion is that after I get the password (hashed or not) from my application, where does the checking of this looked up password to the password sent in the WS:Security information take place? i.e. who's is responsible for validating the password info? I guess I was expecting to see WSDoAllReceiver to throw a WSSecurityException if the values didn't match.
Thanks. On 5/4/06, Brian Bonner <[EMAIL PROTECTED]> wrote:
I've been looking at WSHandler's CallbackHandler. My understanding from reading the javadoc for WSPasswordCallback, WSHandler, and is that this is primarily used to call back into the application to get a password from the user application. However, II'm unclear as to how this interacts with the server side portion of the webservice to authenticate the user request. Can someone help describe how this is supposed to work? Thanks.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
