Communications management with PasswordDigest (WSPasswordCallback from WSS4J) |
[eluser]Unknown[/eluser]
Scenario We are developing a Java library to deploy an authentication subsystem, which acts as an intermediary of two end-points: an originator program (which sends us the SOAP message, made by the client, as a CallbackHandler implementation) and a WebService (based on CXF, which will validate de user&password; given). Here it is a logical diagram of the system: Code: |------| |-------| Code: if (callbacks[i] instanceof WSPasswordCallback) { The line " Code: String password = getPassword(login); So, and that is the obstacle, we are NOT allowed to maintain that file. In addition, the WebService only provides an authentication service (yes/no to an user and password given) and we don't have any other access to the originator Program or to the client. Any idea of how we should proceed? Thanks in advance. |
Welcome Guest, Not a member yet? Register Sign In |