How to validate UsernameToken without password in wss4j 1.6?

Question

If I send header with current structure:

<soapenv:Header>
        <wsse:Security
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                soapenv:mustUnderstand="1">
            <wsse:UsernameToken wsu:Id="UsernameToken-E9505BCB2A7771EF1F14710742072404">
                <wsse:Username>Not_correct_username</wsse:Username>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>

Validation performed via processSecurityHeader method is correct. But I want to authenticate user via only Username.

Now my CallbackHandler code is:

public class PWCallback implements CallbackHandler {
private String user;
private String password;
private String alias;
private String privateKeyPassword;

@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {

        if (callbacks[i] instanceof WSPasswordCallback) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];


            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                if (!StringUtils.equals(user, pc.getIdentifier())) {
                    throw new IOException("unknown user: " + pc.getIdentifier());
                }
                pc.setPassword(password);

            } else {

                if (pc.getUsage() == WSPasswordCallback.SIGNATURE || pc.getUsage() == WSPasswordCallback.DECRYPT) {
                    if (StringUtils.equals(pc.getIdentifier(), alias)) {
                        pc.setPassword(privateKeyPassword);
                    } else throw new IOException("unknown user: " + pc.getIdentifier());
                }

            }

        }
    }
}

What I have to add or remove?

Answer 1

您需要重写默认的UsernameTokenValidator的“ verifyUnknownPassword”方法来调用您的CallbackHandler。

How to validate UsernameToken without password in wss4j 1.6?

Question

1 answers

solution1
0 2016-08-24 10:36:09

How to validate UsernameToken without password in wss4j 1.6?

Question

1 answers

solution1 0 2016-08-24 10:36:09

solution1
0 2016-08-24 10:36:09