Examples of org.apache.ws.security.WSPasswordCallback

• org.apache.ws.security.WSPasswordCallback
  Simple class to provide a password callback mechanism.

  It uses the JAAS authentication mechanisms and callback methods. In addition to the identifier (user name) this class also provides information what type of information the callback handle method shall provide.

  The WSPasswordCallback class defines the following usage codes:

  • UNKNOWN - an unknown usage. Never used by the WSS4J implementation and shall be treated as an error by the handle method.
  • DECRYPT - need a password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to decrypt the session (symmetric) key. Because the encryption method uses the public key to encrypt the session key it needs no password (a public key is usually not protected by a password).
  • USERNAME_TOKEN - need the password to fill in or to verify a UsernameToken.
  • SIGNATURE - need the password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to produce a signature. The signature verification uses the public key to verify the signature.
  • KEY_NAME - need the key, not the password, associated with the identifier. WSS4J uses this key to encrypt or decrypt parts of the SOAP request. Note, the key must match the symmetric encryption/decryption algorithm specified (refer to {@link org.apache.ws.security.handler.WSHandlerConstants#ENC_SYM_ALGO}).
  • USERNAME_TOKEN_UNKNOWN - either an not specified password type or a password type passwordText. In these both cases only the password variable is set. The callback class now may check if the username and password match. If they don't match the callback class must throw an exception. The exception can be a UnsupportedCallbackException or an IOException.
  • SECURITY_CONTEXT_TOKEN - need the key to to be associated with a wsc:SecurityContextToken.

  @author Werner Dittmann (Werner.Dittmann@siemens.com).

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                /*
                 * here call a function/method to lookup the password for the
                 * given identifier (e.g. a user name or keystore alias) e.g.:
                 * pc.setPassword(passStore.getPassword(pc.getIdentfifier)) for
                 * Testing we supply a fixed name here.
                 */
                pc.setPassword("security");
            } else {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized Callback");
            }
        }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                /*
                 * here call a function/method to lookup the password for
                 * the given identifier (e.g. a user name or keystore alias)
                 * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
                 * for Testing we supply a fixed name here.
                 */
                pc.setPassword("security");
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                /*
                 * here call a function/method to lookup the password for
                 * the given identifier (e.g. a user name or keystore alias)
                 * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
                 * for Testing we supply a fixed name here.
                 */
                pc.setPassword("security");
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                /*
                 * here call a function/method to lookup the password for
                 * the given identifier (e.g. a user name or keystore alias)
                 * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
                 * for Testing we supply a fixed name here.
                 */
                pc.setPassword("security");
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }

    private WSPasswordCallback callback;

    @Before
    public void setUp() throws Exception {
        callbackHandler = new KeyStoreCallbackHandler();
        callback = new WSPasswordCallback("secretkey", WSPasswordCallback.SECRET_KEY);

        KeyStoreFactoryBean factory = new KeyStoreFactoryBean();
        factory.setLocation(new ClassPathResource("private.jks"));
        factory.setPassword("123456");
        factory.setType("JCEKS");

     * @throws UnsupportedCallbackException when the callback is not supported
     */
    @Override
    protected final void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
        if (callback instanceof WSPasswordCallback) {
            WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
            switch (passwordCallback.getUsage()) {
                case WSPasswordCallback.DECRYPT:
                    handleDecrypt(passwordCallback);
                    break;
                case WSPasswordCallback.USERNAME_TOKEN:
                    handleUsernameToken(passwordCallback);
                    break;
                case WSPasswordCallback.SIGNATURE:
                    handleSignature(passwordCallback);
                    break;
                case WSPasswordCallback.SECURITY_CONTEXT_TOKEN:
                    handleSecurityContextToken(passwordCallback);
                    break;
                case WSPasswordCallback.CUSTOM_TOKEN:
                    handleCustomToken(passwordCallback);
                    break;
                case WSPasswordCallback.SECRET_KEY:
                    handleSecretKey(passwordCallback);
                    break;
                default:
                    throw new UnsupportedCallbackException(callback,
                            "Unknown usage [" + passwordCallback.getUsage() + "]");
            }
        }
        else if (callback instanceof CleanupCallback) {
            handleCleanup((CleanupCallback) callback);
        }

    public static class ServerPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

            if (pc.getIdentifier().equals("bob")) {
                // set the password on the callback. This will be compared to the
                // password which was sent from the client.
                pc.setPassword("pwd");
            }
        }

     * It attempts to get the password from the private
     * alias/passwords map.
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

            String pass = passwords.get(pc.getIdentifier());
            if (pass != null) {
                pc.setPassword(pass);
                return;
            } else {
                pc.setPassword("password");
            }
        }
    }

    public static class ServerPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

            if (pc.getIdentifier().equals("bob")) {
                // set the password on the callback. This will be compared to the
                // password which was sent from the client.
                pc.setPassword("pwd");
            }
        }

     * Here, we attempt to get the password from the private
     * alias/passwords map.
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

            String pass = passwords.get(pc.getIdentifier());
            if (pass != null) {
                pc.setPassword(pass);
                return;
            }
        }

        //