Creating Password Callback Class handler
A Password Callback Class is required to supply the password for the username when using the UsernameToken security function, and the password for private keys in the keystore when using the Encryption security function. The private keys are used to sign and/or decrypt a message.
Password callback classes are used to:
- set the password for the user in UsernameToken when using the UsernameToken security action
- set the password for the private key used to decrypt the SOAP message when using the Encryption security action
- set the password for the private key used to sign the SOAP message when using the Signature security action
To specify the password, an implementation of javax.security.auth.callback.CallbackHandler is needed. The fully qualified class name of this implementation should be provided in the Component Property Sheet (CPS).
The sections below explain how to create a Password Callback Class and how to attach the resulting JAR file to Web Service components so that it can be used for the UsernameToken security action as well as the Encryption security action.
Create the Class file
Copy the sample Java program below, paste it into a .java file, and save it (as an example, save the password callback class with the name 'PWCallback').
PWCallback class
/**
 * Copyright (c) 1999-2007, Fiorano Software Technologies Pvt. Ltd. and affiliates.
 * Copyright (c) 2008-2014, Fiorano Software Pte. Ltd. and affiliates.
 *
 * All rights reserved.
 *
 * This software is the confidential and proprietary information
 * of Fiorano Software ("Confidential Information"). You
 * shall not disclose such Confidential Information and shall use
 * it only in accordance with the terms of the license agreement
 * enclosed with this product or entered into with Fiorano.
 */
import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;

public class PWCallback implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Callback classes used for WS-Security should be instances of WSPasswordCallback
            if ((callback instanceof WSPasswordCallback)) {
                WSPasswordCallback passCallback = (WSPasswordCallback) callback;
                // Passwords can be set in various ways
                // 1. By checking the username
                // 2. By checking the WS-Security action where the password is needed
                // The string literals below are the sample's values
                if ("User1".equals(passCallback.getIdentifier())) {
                    passCallback.setPassword("Password1");
                } else if (passCallback.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                    passCallback.setPassword("UsernamePasswd");
                } else if (passCallback.getUsage() == WSPasswordCallback.DECRYPT) {
                    passCallback.setPassword("DecryptPasswd");
                } else if (passCallback.getUsage() == WSPasswordCallback.SIGNATURE) {
                    passCallback.setPassword("SignaturePasswd");
                }
            }
        }
    }
}
Explanation of script in the class
Callback classes used for WS-Security should be instances of WSPasswordCallback.
The following part of the class checks for this:
if ((callback instanceof WSPasswordCallback)) {
    WSPasswordCallback passCallback = (WSPasswordCallback) callback;
Passwords can be set in three different ways, as explained earlier, using the above class:
- By checking the username in the case of the UsernameToken WS-Security action
- By checking the WS-Security action where the password is needed for Decryption
- By checking the WS-Security action where the password is needed for Signature
The part of the class that defines these conditions runs from the line
if ("User1".equals(passCallback.getIdentifier())) {
to the line
passCallback.setPassword("SignaturePasswd");
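A variant of the handler above that reads passwords from a properties file kept outside the JAR instead of from string literals, shown here as an added example that is not part of Fiorano's sample. The class name ExternalPWCallback, the pwcallback.secrets system property and the "<usage>.<identifier>" key scheme are assumptions; unlike the sample's per-action branches, an identifier with no entry gets no password and the handler throws.

```java
import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;

// Added example, not Fiorano code: class name, system property and key scheme are assumptions.
public class ExternalPWCallback implements CallbackHandler {
    // Assumed JVM option naming the secrets file: -Dpwcallback.secrets=<path>
    private static final String SECRETS_PATH_PROPERTY = "pwcallback.secrets";

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        Properties secrets = loadSecrets();
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Expected WSPasswordCallback");
            }
            WSPasswordCallback passCallback = (WSPasswordCallback) callback;
            // Look up by usage AND identifier, e.g. "usernametoken.User1"
            String key = prefixFor(passCallback.getUsage()) + "." + passCallback.getIdentifier();
            String password = secrets.getProperty(key);
            if (password == null) {
                // Fail closed: unknown users or aliases get no shared fallback password
                throw new IOException("No password configured for " + key);
            }
            passCallback.setPassword(password);
        }
    }

    static String prefixFor(int usage) throws IOException {
        switch (usage) {
            case WSPasswordCallback.USERNAME_TOKEN: return "usernametoken";
            case WSPasswordCallback.DECRYPT:        return "decrypt";
            case WSPasswordCallback.SIGNATURE:      return "signature";
            default: throw new IOException("Unsupported WS-Security usage: " + usage);
        }
    }

    private static Properties loadSecrets() throws IOException {
        String path = System.getProperty(SECRETS_PATH_PROPERTY);
        if (path == null) throw new IOException(SECRETS_PATH_PROPERTY + " is not set");
        Properties props = new Properties();
        try (FileInputStream in = new FileInputStream(path)) {
            props.load(in);
        }
        return props;
    }
}
```

The properties file would hold one entry per usage and identifier, for example a usernametoken.User1 key, and should be readable only by the account that runs the server.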
Compile the Class and archive
Compile the class and archive it into a JAR file (PWCallback.jar).
- wss4j.jar file present at the location %FIORANO_HOME%\extlib\wss4j\wss4j.jar needs to be placed in the classpath while compiling.
- This JAR file will be used by WSStub and WebserviceConsumer components to set username and password in the SOAP message header.
Use the implementation in WebService components
Implementation in WSStub
To use the PWCallback implementation in WSStub, stop the Peer server on which WSStub is running and copy the JAR that contains the Password Callback Class to the following location:
%FIORANO_HOME%\esb\server\jetty\fps\webapps\bcwsgateway\WEB-INF\classes
- If the class is declared in a package, create the JAR file so that it includes that class and place it in the following location: %FIORANO_HOME%\esb\server\jetty\fps\webapps\bcwsgateway\WEB-INF\lib
- For UsernameToken, restart the Peer server on which WSStub is running.
- For Encryption, restart the Peer server on which WSStub is running only after the following:
  - Generate Keystore to store public and private keys
  - Create an Encryption properties file which carries Keystore details
Implementation in WebserviceConsumer
To use the PWCallback implementation in the WebserviceConsumer 4.0 component, add the JAR as a resource by editing the properties in the ServiceDescriptor.xml section in eStudio.