[jboss-user] [JBoss Web Services Users] - Re: Authenticating SOAP Requests with WSSE UsernameToken doe

sthatcher do-not-reply at jboss.com
Fri Sep 25 21:32:15 EDT 2009


I did a bit more investigation on this and found the crux of the issue but I'm not sure how to solve it.  In the login configuration for the realm you are supposed to use a UsernameTokenCallback object to update the digest based on the existence of a nonce or created.  However, on debugging, these values are always null.  And the init function sends a map with both keys (nonce and created) set to null.  So the question is what other configuration do I need to tell JBoss to pull out these header nodes and send to the callback handler.

The specific login config is as follows:

  |   <application-policy name="MyRealm">
  |     <authentication>
  |       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |         flag="required">
  |     <!--
  |         <module-option name="usersProperties">props/myrealm-users.properties</module-option>
  |         <module-option name="rolesProperties">props/myrealm-roles.properties</module-option> -->
  |        <module-option name = "dsJndiName">java:/WSExampleDS</module-option>
  |        <module-option name = "principalsQuery">SELECT password FROM users WHERE username=?</module-option>
  |        <module-option name = "rolesQuery">SELECT r.role, 'Roles' FROM roles r join users u on u.id = r.userid WHERE u.username=?</module-option>
  |       <module-option name="hashAlgorithm">SHA</module-option>
  |       <module-option name="hashEncoding">BASE64</module-option>
  |       <module-option name="hashUserPassword">false</module-option>
  |       <module-option name="hashStorePassword">true</module-option>
  |  
  |         <module-option name="unauthenticatedIdentity">anonymous</module-option>
  |       <module-option name="storeDigestCallback">org.jboss.ws.extensions.security.auth.callback.UsernameTokenCallback</module-option>
  | 
  |       </login-module>
  |     </authentication>
  |   </application-policy>
  |  

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4257157#4257157

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4257157



More information about the jboss-user mailing list