Creating Password Callback Class handler

Password Callback Class is required for the UsernameToken security function to specify password for username as well as for private keys in keystore for using Encryption security function. Private keys will be used to sign and/or decrypt a message.

Password callback classes are used to:

set password for user in UsernameToken while using while using UsernameToken security action
set password for private key used to decrypt SOAP message while using Encryption security action
set password for private key used to sign SOAP message while using Signature security action

To specify password, an implementation of javax.security.auth.callback.CallbackHandler is needed. A fully qualified class name of this implementation should be provided in Component Property Sheet (CPS).

Follow the below sections to understand how to create a Password Callback Class and to attach the resulting jar files to Web Service components and thereby used for UsernameToken security action as well as Encryption security action.

Create the Class file

Copy the below sample Java program and paste it in .java file and save it (save the password callback class with name 'PWCallback' as an example)

PWCallback class

JAVA

/**
* Copyright (c) 1999-2007, Fiorano Software Technologies Pvt. Ltd. and affiliates.
* Copyright (c) 2008-2014, Fiorano Software Pte. Ltd. and affiliates.
*
* All rights reserved.
*
* This software is the confidential and proprietary information
* of Fiorano Software ("Confidential Information"). You
* shall not disclose such Confidential Information and shall use
* it only in accordance with the terms of the license agreement
* enclosed with this product or entered into with Fiorano.
*/
import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
public class PWCallback implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {

            //Callback classes used for WS-Security should be instances of WSPasswordCallback
            if ((callback instanceof WSPasswordCallback)) {
                WSPasswordCallback passCallback = (WSPasswordCallback) callback;

                //Passwords can be set in various ways
                // 1. By checking the username
                // 2. By checking the WS-Security action where the password is needed
                if ("User1".equals(passCallback.getIdentifier())) {
                    passCallback.setPassword("Password1");
                } else if (passCallback.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                    passCallback.setPassword("UsernamePasswd");
                } else if (passCallback.getUsage() == WSPasswordCallback.DECRYPT) {
                    passCallback.setPassword("DecryptPasswd");
                } else if (passCallback.getUsage() == WSPasswordCallback.SIGNATURE) {
                    passCallback.setPassword("SignaturePasswd");
                }
            }
        }
    }
}

Explanation of script in the class

Callback classes used for WS-Security should be instances of WSPasswordCallback.
The below part is used in the class to define the same:

if ((callback instanceof WSPasswordCallback)) {
WSPasswordCallback passCallback = (WSPasswordCallback) callback;

Passwords can be set in three different ways, as explained earlier, using the above class:

By checking the username in case of UsernameToken WS-Security action.

By checking the WS-Security action where the password is needed for Decryption

By checking the WS-Security action where the password is needed for Signature
The part of the class that starts from the below line defines this condition:
From
if ("User1".equals(passCallback.getIdentifier
 till
passCallback.setPassword("SignaturePasswd");

Compile the Class and archive

Compile the class and archive it into a JAR file (PWCallback.jar).

wss4j.jar file present at the location %FIORANO_HOME%\extlib\wss4j\wss4j.jar needs to be placed in classpath while compiling.
This JAR file will be used by WSStub and WebserviceConsumer components to set username and password in SOAP message header.

Use the implementation in WebService components

Implementation in WSStub

To use PWCallback implementation in WSStub, stop the Peer server on which WSStub is running and copy the JAR which contains Password Callback Class into the location:
%FIORANO_HOME%\esb\server\jetty\fps\webapps\bcwsgateway\WEB-INF\classes

If the class file has any package, the jar file should be created to include that class and placed in the following location: %FIORANO_HOME%\esb\server\jetty\fps\webapps\bcwsgateway\WEB-INF\lib
For UsernameToken, restart the Peer server on which WSStub is running.
For Encryption, restart the Peer server on which WSStub is running only after the following:
- Generate Keystore to store public and private keys
- Create an Encryption properties file which carries Keystore details

Implementation in WedServiceConsumer

To use PWCallback implementation in WebserviceConsumer 4.0 component, add the JAR as resource by editing properties in the ServiceDescriptor.xml section in eStudio.