Excellent! I'm fully in agreement with you on that.

Glen

Colm O hEigeartaigh wrote:
>
> FYI I'm going to change the behaviour for Username Tokens in WSS4J 1.6:
>
> https://issues.apache.org/jira/browse/WSS-183
>
> Colm.
>
> -----Original Message-----
> From: Daniel Kulp [mailto:[email protected]]
> Sent: 24 March 2009 13:36
> To: [email protected]; [email protected]
> Cc: Glen Mazza
> Subject: Re: Package for SecurityException?
>
>
> CC the wss4j list as that's probably more appropriate.
>
> Actually, with 1.5.6, the callbacks are also used to verify trust for any
> RSAKeyValue tokens found in the message. Thus, they are used for various
> validation things.
>
> In the future, I'd like to see the callbacks actually do more validation prior
> to things being used. For example, we could validate the trust of the x509
> certs that are found PRIOR to using the cert for decryption. If the cert
> isn't trusted, why spend the processor time doing the decryption and such.
> Right now, we do all the processing, then after the fact, we check to make
> sure the certs that were used are OK. Timestamps could be checked
> immediately, etc...
>
> Dan
>
>
> On Tue March 24 2009 8:32:25 am Glen Mazza wrote:
>> BTW, I will update our online example to use an IOException for a bad
>> cleartext password, as that appears to be the less incorrect of our two
>> exception choices. It seems strange, though, that WSS4J treats digest and
>> cleartext passwords differently, relying on the CallbackHandler to do the
>> validation for the latter: http://tinyurl.com/cuqblz. CallbackHandlers do
>> not appear meant to do validation, or else they would have a
>> BadPasswordSuppliedException or similar exception-throwing capability.
>>
>> Glen
>>
>> Glen Mazza wrote:
>> > Technically, I guess you're limited to not just any exception but
>> > specifically an IOException or an UnsupportedCallbackException subclass, as
>> > those are the only two types of exceptions declared throwable by the
>> > handle() method:
>>
>> > http://java.sun.com/javase/6/docs/api/javax/security/auth/callback/CallbackHandler.html
>
> --
> Daniel Kulp
> [email protected]
> http://www.dankulp.com/blog
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
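The handler shape Glen's message is talking about, as an added example that is not part of the thread and not WSS4J's own code. It assumes the WSS4J 1.5.x org.apache.ws.security.WSPasswordCallback API (getIdentifier(), getPassword(), setPassword(), getUsage(), and the USERNAME_TOKEN / USERNAME_TOKEN_UNKNOWN usage constants; on the 1.5 releases that only expose the misspelled getIdentifer() accessor, substitute that name). The credential map is a constructed stand-in for a real user store. The two branches show the asymmetry the thread complains about: for digest passwords the handler only supplies the stored secret and WSS4J compares, while for cleartext passwords WSS4J 1.5.x hands the handler the password from the message and the handler has to do the comparison itself, with IOException the only sensible checked exception it can throw.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Server-side UsernameToken password handler for WSS4J 1.5.x (assumed API).
 *
 * USERNAME_TOKEN (digest):          supply the stored password; WSS4J recomputes
 *                                   the digest and does the comparison.
 * USERNAME_TOKEN_UNKNOWN (cleartext): WSS4J 1.5.x hands over the password from
 *                                   the message and leaves verification to us.
 *
 * handle() may only throw IOException or UnsupportedCallbackException, so a
 * rejected cleartext password is reported as an IOException.
 */
public class UsernameTokenPasswordHandler implements CallbackHandler {

    // Constructed sample store; a real deployment would query a directory or
    // database and would store digests rather than cleartext passwords.
    private final Map<String, String> passwords;

    public UsernameTokenPasswordHandler(Map<String, String> passwords) {
        this.passwords = passwords;
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String user = pc.getIdentifier();
            String stored = passwords.get(user);

            switch (pc.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Digest case: hand WSS4J the stored password and let it compare.
                    if (stored == null) {
                        throw new IOException("Authentication failed for user " + user);
                    }
                    pc.setPassword(stored);
                    break;

                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // Cleartext case: WSS4J 1.5.x does no comparison of its own.
                    if (stored == null || !constantTimeEquals(stored, pc.getPassword())) {
                        throw new IOException("Authentication failed for user " + user);
                    }
                    break;

                default:
                    throw new UnsupportedCallbackException(callback,
                            "Unsupported WSPasswordCallback usage " + pc.getUsage());
            }
        }
    }

    /** Compare without short-circuiting on the first mismatching byte. */
    static boolean constantTimeEquals(String expected, String supplied) {
        if (supplied == null) {
            return false;
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = supplied.getBytes(StandardCharsets.UTF_8);
        int diff = a.length ^ b.length;
        for (int i = 0; i < a.length && i < b.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // Minimal local exercise of both branches (no WSS4J engine involved).
    public static void main(String[] args) throws Exception {
        Map<String, String> store = new HashMap<String, String>();
        store.put("alice", "s3cret");  // constructed credential
        CallbackHandler h = new UsernameTokenPasswordHandler(store);

        WSPasswordCallback digest =
                new WSPasswordCallback("alice", WSPasswordCallback.USERNAME_TOKEN);
        h.handle(new Callback[] { digest });
        System.out.println("digest branch supplied: " + digest.getPassword());

        WSPasswordCallback clear = new WSPasswordCallback("alice", "wrong", null,
                WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
        try {
            h.handle(new Callback[] { clear });
        } catch (IOException e) {
            System.out.println("cleartext branch rejected: " + e.getMessage());
        }
    }
}
```

Under WSS-183 this asymmetry goes away: in 1.6 the handler only ever supplies the stored password and WSS4J performs the comparison for both digest and cleartext tokens, so the cleartext branch above becomes unnecessary and the IOException workaround with it.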
