Home/ Questions/Q 6896443
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T07:02:40+00:00

I’m using WSS4JInInterceptor to try to authenticate my client. I have been able to

  • 0

I’m using WSS4JInInterceptor to try to authenticate my client. I have been able to create a trivial example. However, I have a problem. In my application, I use the supplied user name and password to try to open a connection to the database. If the connection attempt is successful, the user has authenticated, otherwise, the login attempt gets rejected. Using WSS4JInInterceptor I need to implement a callback that returns the user’s password. In my security scheme, I have no access to this password. How can I implement something like this?

Should I subclass WSS4JInInterceptor and hack it to provide the password?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here you go: Below you wont find me using a call back handler, because wont really need that(Not saying you cant do it that way, but this is more simple).

    <jaxws:endpoint id="myService" implementor="#myServiceImpl" address="/myService">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<ref bean="myServiceInterceptor"/>
</jaxws:inInterceptors>
<jaxws:properties>
<entry key="ws-security.ut.validator" value-ref="myServiceUsernameTokenValidator"/>
<jaxws:properties>
 </jaxws:endpoint>

<bean id=" myServiceInterceptor "   class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
 <constructor-arg>                              
 <map>
    <entry key="action" value="UsernameToken" />
    <entry key="passwordType" value="PasswordText" />
  </map>          
</constructor-arg>
</ bean>

    In my myServiceUsernameTokenValidator , I am directly wiring up UserDetailService, getting the hashed password from DB, and then simply validate using 

     stringDigester.matches(passwordText, passwordDigest)
    • 0