| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <document> |
| <body> |
| <section name="Axis1 Deployment Tutorial"> |
| <subsection name="Introduction">WSS4J 1.5.x can be used for securing web |
| services deployed in virtually any application server, but it includes |
| special support for Axis. WSS4J 1.5.x ships with handlers that can be used in |
| Axis-based web |
| services for an easy integration. These handlers can be added to the |
| service deployment |
| descriptor (wsdd file) to add a WS-Security layer to the web service. |
| This is a step by step tutorial for deploying a simple service with |
| Username Token.<br></br> |
| <br></br></subsection><subsection name="Prerequisites"><a href="http://ws.apache.org/axis/">Axis |
| 1.2</a> installed and configured on a <a href="http://jakarta.apache.org/tomcat/">Tomcat Server</a>. This |
| tutorial was performed on a Linux machine with Tomcat 5.5.4/Java 1.5.0, |
| however, the setup should be similar on other application servers, or |
| other operating systems (like Windows) unless we stated otherwise.<br></br> |
| </subsection> |
| <subsection name="Steps"></subsection> |
| <subsection name="Installing WSS4J"> |
| <ol> |
| <li>Download the WSS4J binaries or build it from sources<br></br> |
| </li> |
| <li>Copy the contents of the WSS4J lib directory to your Axis |
| WEB-INF/lib directory. Many jar files will already exist. Most of them |
| will already exist there but you can just overwrite them all.</li> |
| <li>You may need to restart Tomcat unless you have automatic |
| deployment/class loading turned on. Check the Axis Happiness Page |
| (typically at http://localhost:8080/axis), make sure that the XML |
| Security (xmlsec.jar) is listed under the "Optional Components" section.</li> |
| </ol> |
| <h4>Creating the Service</h4> |
| <ol> |
| <li>This tutorial will secure the StockQuoteService which ships |
| with Axis. Unless you have one already, create a deployment descriptor |
| (deploy.wsdd) file with the following contents:</li> |
| </ol> |
| <ol start="2"> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);"><deployment |
| xmlns="http://xml.apache.org/axis/wsdd/" |
| xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <service |
| name="stock-wss-01" provider="java:RPC" style="document" |
| use="literal"></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <parameter |
| name="className" value="samples.stock.StockQuoteService"/></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <parameter |
| name="allowedMethods" value="getQuote"/></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <parameter |
| name="scope" value="application"/></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> </service></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"></deployment><br></br> |
| <br></br> |
| </span><li>deploy the service (using AxisAdmin):</li> |
| </ol> |
| <ol> |
| <span style="color: rgb(0, 0, 153);">java |
| org.apache.axis.client.AdminClient |
| -lhttp://localhost:8080/axis/services/AdminService deploy.wsdd<br></br> |
| </span> |
| </ol> |
| <h4>Creating the Client</h4> |
| <ol> |
| <li>Use WSDL2Java to generate the client service bindings:<br></br> |
| <span style="color: rgb(0, 0, 153);">java |
| org.apache.axis.wsdl.WSDL2Java -o . |
| -Nhttp://fox:8080/axis/services/stock-wss-01 samples.stock.client |
| http://fox:8080/axis/services/stock-wss-01?wsdl</span><br></br> |
| <br></br> |
| A bunch of java classes will be created under samples/stock/client, |
| including the StockQuoteServiceServiceLocator.<br></br> |
| <br></br> |
| </li> |
| <li>Write a simple java client that uses the generated service |
| locator. For example:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">package samples.stock.client;</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| java.rmi.RemoteException;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.xml.rpc.ServiceException;</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">public class |
| StockServiceClient {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> public |
| StockServiceClient() {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> public |
| static void main(String[] args) throws ServiceException, |
| RemoteException {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| if (args.length == 0) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| System.out.println("Usage:\njava StockServiceClient [symbol]");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| return;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| StockQuoteServiceService locator = new |
| StockQuoteServiceServiceLocator();</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| StockQuoteService service = locator.getStockWss01();</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| float quote = service.getQuote(args[0]);</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| System.out.println("stock quote service returned " + args[0] + ": " + |
| quote);</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">}</span><br></br> |
| <br></br> |
| </li> |
| <li>run the client:<br></br> |
| <span style="color: rgb(0, 0, 153);">java |
| samples.stock.client.StockServiceClient IBM</span><br></br> |
| <br></br> |
| If all went well, you should get the result:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);"></span> <span style="color: rgb(0, 0, 153);">stock quote service returned IBM: 95.68</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"><br></br> |
| </span></li> |
| </ol> |
| <h3>Username Token</h3> |
| <h4>Configuring the Service<br></br> |
| </h4> |
| <ol> |
| <li>Modify the deployment descriptor you created above to look like |
| this:<br></br> |
| <span style="color: rgb(0, 0, 153);"><deployment |
| xmlns="http://xml.apache.org/axis/wsdd/" |
| xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <service |
| name="stock-wss-01" provider="java:RPC" style="document" |
| use="literal"></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153); font-weight: bold;"> |
| <requestFlow></span><br style="color: rgb(0, 0, 153); font-weight: bold;"></br> |
| <span style="color: rgb(0, 0, 153); font-weight: bold;"> |
| <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"></span><br style="color: rgb(0, 0, 153); font-weight: bold;"></br> |
| <span style="color: rgb(0, 0, 153); font-weight: bold;"> |
| <parameter name="passwordCallbackClass" value="PWCallback"/></span><br style="color: rgb(0, 0, 153); font-weight: bold;"></br> |
| <span style="color: rgb(0, 0, 153); font-weight: bold;"> |
| <parameter name="action" value="UsernameToken"/></span><br style="color: rgb(0, 0, 153); font-weight: bold;"></br> |
| <span style="color: rgb(0, 0, 153); font-weight: bold;"></span><span style="color: rgb(0, 0, 153); font-weight: bold;"> |
| </handler></span><br style="color: rgb(0, 0, 153); font-weight: bold;"></br> |
| <span style="color: rgb(0, 0, 153); font-weight: bold;"> |
| </requestFlow></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <parameter |
| name="className" value="samples.stock.StockQuoteService"/></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <parameter |
| name="allowedMethods" value="getQuote"/></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> <parameter |
| name="scope" value="application"/></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> </service></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"></deployment><br></br> |
| <br></br> |
| </span>WSDoAllReceiver is an Axis handler that can be located in |
| wss4j.jar. This is the standard way to deploy an Axis handler. For more |
| details please refer to the Axis handler for WSS4J documentation.<br></br> |
| <br></br> |
| </li> |
| <li>Create a class named PWCallback.java and compile it into your |
| Axis WEB-INF/classes directory. In this example I used the default |
| package for simplicity, but you might need to use the fully qualified |
| class name (be consistent |
| with the deployment descriptor).<br></br> |
| <br></br> |
| The following code snippet shows a simple password callback class:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">import java.io.IOException;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.security.auth.callback.Callback;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.security.auth.callback.CallbackHandler;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.security.auth.callback.UnsupportedCallbackException;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| org.apache.ws.security.WSPasswordCallback;</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">public class PWCallback |
| implements CallbackHandler {</span><span style="color: rgb(0, 0, 153);"></span><span style="color: rgb(0, 0, 153);"></span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> public void |
| handle(Callback[] callbacks)</span><span style="color: rgb(0, 0, 153);"> |
| throws IOException, UnsupportedCallbackException {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| for (int i = 0; i < callbacks.length; i++) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| if (callbacks[i] instanceof WSPasswordCallback) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];<br></br> |
| |
| // set the password given a username<br></br> |
| </span> |
| <span style="color: rgb(0, 0, 153);">if |
| ("wss4j".equals(pc.getIdentifier())) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| pc.setPassword("security");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"></span><span style="color: rgb(0, 0, 153);"> |
| } else {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| throw new UnsupportedCallbackException(</span><span style="color: rgb(0, 0, 153);">callbacks[i], "Unrecognized Callback");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">}</span><br></br> |
| <span style="font-weight: bold;"></span><br></br> |
| <br></br> |
| <br></br> |
| </li> |
| <li>Redeploy the service. Your service should now be expecting a WSS |
| Username Token in in the incoming requests, and clients should send the |
| username "wss4j" and password "security" to get through.<br></br> |
| </li> |
| </ol> |
| <h4>Configuring the Client</h4> |
| <ol> |
| <li>run the client we created again:<br></br> |
| <span style="color: rgb(0, 0, 153);">java |
| samples.stock.client.StockServiceClient IBM</span><br></br> |
| <br></br> |
| You should now get an error:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">Exception in thread "main" |
| AxisFault</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> faultCode: |
| {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> faultSubcode:</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> faultString: |
| WSDoAllReceiver: Request does not contain required Security header</span><br></br> |
| <br></br> |
| This is because your client is not configured to send a Username Token |
| yet, so the service is rejecting the request.<br></br> |
| <br></br> |
| </li> |
| <li>Create a deployment descriptor file (client_deploy.wsdd) for the |
| client:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);"><deployment |
| xmlns="http://xml.apache.org/axis/wsdd/" |
| xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"><br></br> |
| <transport name="http" |
| pivot="java:org.apache.axis.transport.http.HTTPSender"/><br></br> |
| <globalConfiguration ><br></br> |
| <requestFlow ><br></br> |
| <handler |
| type="java:org.apache.ws.axis.security.WSDoAllSender" ><br></br> |
| <parameter name="action" |
| value="UsernameToken"/><br></br> |
| <parameter name="user" value="wss4j"/><br></br> |
| <parameter name="passwordCallbackClass" |
| value="samples.stock.client.PWCallback"/><br></br> |
| <parameter name="passwordType" |
| value="PasswordDigest"/><br></br> |
| </handler><br></br> |
| </requestFlow ><br></br> |
| </globalConfiguration ><br></br> |
| </deployment></span><span style="color: rgb(0, 0, 153);"></span><br></br> |
| <br></br> |
| </li> |
| <li>Create the <span style="color: rgb(0, 0, 153);">samples.stock.client.PWCallback</span> |
| class:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">package samples.stock.client;</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import java.io.IOException;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.security.auth.callback.Callback;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.security.auth.callback.CallbackHandler;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| javax.security.auth.callback.UnsupportedCallbackException;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| org.apache.ws.security.WSPasswordCallback;</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">/**</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> * PWCallback for the |
| Client</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> */</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">public class PWCallback |
| implements CallbackHandler {</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> /**</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> * |
| @see |
| javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> */</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> public void |
| handle(Callback[] callbacks) throws IOException,</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| UnsupportedCallbackException {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| for (int i = 0; i < callbacks.length; i++) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| if (callbacks[i] instanceof WSPasswordCallback) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| // set the password given a username</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| if ("wss4j".equals(pc.getIdentifier())) {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| pc.setPassword("security");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| } else {</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| throw new UnsupportedCallbackException(callbacks[i], "Unrecognized |
| Callback");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> |
| }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);"> }</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">}</span><br></br> |
| <br></br> |
| </li> |
| <li>Define the system property axis.ClientConfigFile for your client:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">java |
| -Daxis.ClientConfigFile=client_deploy.wsdd -classpath $AXISCLASSPATH |
| samples.stock.client.StockServiceClient</span><br></br> |
| <br></br> |
| Make sure that your classpath includes the jar files under WEB-INF/lib.<br></br> |
| <br></br> |
| Another way to do this is to specify the wsdd file in your |
| StockServiceClient to the service locator programmatically:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">...</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| org.apache.axis.EngineConfiguration;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| org.apache.axis.configuration.FileProvider;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">...</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">EngineConfiguration config = |
| new FileProvider("client_deploy.wsdd");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">StockQuoteServiceService |
| locator = new StockQuoteServiceServiceLocator(config);</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">...</span><br></br> |
| <br></br> |
| </li> |
| <li>Run the client, you should get no errors:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">stock quote service returned |
| IBM: 95.7</span><br></br> |
| <br></br> |
| Your client is now sending a Username Token in the wsse request header |
| with the username "wss4j" (see client_deploy.wsdd) and password |
| "security" (see the PWCallback implementation).<br></br> |
| <br></br> |
| Another way to do this is to have the client application set the |
| username and CallbackHandler implementation programmatically instead of |
| client_deploy.wsdd:<br></br> |
| <br></br> |
| <span style="color: rgb(0, 0, 153);">...</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">import |
| org.apache.axis.client.Stub;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">...</span><br style="color: rgb(0, 0, 153);"></br> |
| <br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">Remote remote = |
| locator.getPort(StockQuoteService.class);</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">Stub axisPort = (Stub)remote;</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">axisPort._setProperty(UsernameToken.PASSWORD_TYPE, |
| WSConstants.PASSWORD_DIGEST);</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">axisPort._setProperty(WSHandlerConstants.USER, |
| "wss4j");</span><br style="color: rgb(0, 0, 153);"></br> |
| <span style="color: rgb(0, 0, 153);">axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, |
| pwCallback);</span><br></br> |
| <br></br> |
| where "pwCallback" is a reference to a PWCallback implementation. See |
| the Axis handler for WSS4J documentation for more details on this.<br></br> |
| <br></br> |
| </li> |
| <li>Try modifying your client's PWCallback to return the wrong |
| password, or send the wrong username. The service should reject your |
| requests.</li> |
| </ol> |
| <br></br> |
| <br></br><br></br> |
| </subsection> |
| </section> |
| </body> |
| </document> |