
Communications management with PasswordDigest (WSPasswordCallback from WSS4J)

 
Sergio Caro
We are developing a Java library to deploy an authentication subsystem, which acts as an intermediary between two end-points: an originator program (which sends us the SOAP message, made by the client, as a CallbackHandler implementation) and a WebService (based on CXF, which will validate the user & password given).

Here is a logical diagram of the system:



As is seen in other implementations, the code (to be added in our Java lib) should be the following (taking into account that the type of the password, for -obviously- security reasons, is "PasswordDigest" (seen in the OASIS UserName Token specification, lines 196-197)):



The line requires the local storage of a file (or a DB) for the user & pass maintenance and its subsequent check-up.

So, and that is the obstacle, we are NOT allowed to maintain that file. In addition, the WebService only provides an authentication service (yes/no to a user and password given) and we don't have any other access to the originator Program or to the client.

Any idea of how we should proceed?

Thanks in advance.