'[jira] [Commented] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server s'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kandula-dev
Subject:    [jira] [Commented] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server s
From:       "gerhard presser (JIRA)" <jira () apache ! org>
Date:       2014-01-30 12:26:09
Message-ID: JIRA.12560624.1339670672447.9806.1391084769898 () arcas
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin \
.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886528#comment-13886528 ] 

gerhard presser commented on RAMPART-374:
-----------------------------------------

any new information about this issue?
in fact usernametokenauth is not working for nearly two years now (one cannot expect \
the plain password to be available in real-world-scenarios)

> Not Able to use custom validator for USERNAME_TOKEN during server side validation
> ---------------------------------------------------------------------------------
> 
> Key: RAMPART-374
> URL: https://issues.apache.org/jira/browse/RAMPART-374
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA, axis2-1.6.2 \
>                 (exploded war), rampart-1.6.2
> Reporter: AravindPS
> Assignee: Amila Jayasekara
> Labels: axis21.6, rampart1.6.2
> 
> Hi,
> We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2 1.6.2/Rampart1.6.2. Here \
> we have seen that the USERNAME_TOKEN_UNKNOWN has been deprecated and hence there is \
> no backward compatibility. At this late stage we cannot implement the code to \
> provide passwords at the server password callback class. So we have a problem. The \
> server password callback class is asking for the password. We have designed the \
> services such that for username token authentication we are sending the request to \
> another directory store for authentication. Is there a way to process this without \
> giving the password at server side. Can we configure custom validators to pass the \
> authentication for USERNAME_TOKEN without validating the passwords? If yes can you \
> tell us how to write/configure custom validators? Also, if there is any other \
> solution do let us know. Thanks,
> Aravind



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic