We are using USERNAME_TOKEN_UNKNOWN to implement our CallbackHandler. 

WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN)
{
    // Declared outside the try block so it is in scope in the catch clause
    String username = pwcb.getIdentifer();
    try
    {
        String password = pwcb.getPassword();
        // do login
    }
    catch (Exception e)
    {
        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION,
            "failedAuthentication", new Object[] { username }, e);
    }
}

However, the UsernameTokenProcessor wraps any IOException in a
WSSecurityException(WSSecurityException.FAILURE,"noPassword", new
Object[]{user}) so the error message in the SOAP fault is very misleading.

Would it make sense to change UsernameTokenProcessor to include:

    } catch (WSSecurityException e) {
        throw e;
    }

or am I missing something about how to handle authentication failures
properly?

Thanks!
-- 
View this message in context: 
http://www.nabble.com/How-to-throw-authentication-exceptions-when-using-USERNAME_TOKEN_UNKNOWN-tf3582423.html#a10010357
Sent from the WSS4J mailing list archive at Nabble.com.
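
The wrapping behaviour described in the message above, next to the effect of the proposed catch clause, as an added example that is not part of the original post and is not WSS4J code. SecurityFault, TokenCallback, processWrapping and processRethrowing are hypothetical stand-ins for WSSecurityException, WSPasswordCallback and the UsernameTokenProcessor logic; the password check and sample credentials are constructed.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

public class WrapDemo {
    // Hypothetical stand-in for WSSecurityException: an IOException subclass with an error code.
    static class SecurityFault extends IOException {
        final String code;
        SecurityFault(String code, String msg, Throwable cause) { super(msg, cause); this.code = code; }
    }

    // Hypothetical stand-in for WSPasswordCallback.
    static class TokenCallback implements Callback {
        final String user, password;
        TokenCallback(String user, String password) { this.user = user; this.password = password; }
    }

    // Handler that reports a rejected login with its own, specific fault (constructed check).
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            TokenCallback tc = (TokenCallback) cb;
            if (!"s3cret".equals(tc.password))
                throw new SecurityFault("failedAuthentication", "login rejected for " + tc.user, null);
        }
    };

    // Behaviour described in the post: every IOException is replaced by "noPassword".
    static void processWrapping(TokenCallback cb) throws SecurityFault {
        try {
            HANDLER.handle(new Callback[] { cb });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new SecurityFault("noPassword", "no password for " + cb.user, e);
        }
    }

    // With the proposed clause: the handler's own fault passes through unchanged.
    static void processRethrowing(TokenCallback cb) throws SecurityFault {
        try {
            HANDLER.handle(new Callback[] { cb });
        } catch (SecurityFault e) {
            throw e;
        } catch (IOException | UnsupportedCallbackException e) {
            throw new SecurityFault("noPassword", "no password for " + cb.user, e);
        }
    }

    public static void main(String[] args) {
        TokenCallback bad = new TokenCallback("alice", "wrong"); // constructed sample input
        try { processWrapping(bad); } catch (SecurityFault e) { System.out.println("wrapping:   " + e.code); }
        try { processRethrowing(bad); } catch (SecurityFault e) { System.out.println("rethrowing: " + e.code); }
    }
}
```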