Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.0.0-milestone1, 2.7.8
-
None
-
Unknown
Description
Using: cxf-tr-ws-security-2.7.8
The current documentation states that SecurityConstants.STS_TOKEN_ACT_AS
declared with "a CallbackHandler object to use to obtain the token"
A very specific CallbackHandler implementation is required. It MUST be
an implementation that supports processing DelegationCallback as input and
generating a org.w3c.dom.Element.
Existing examples are
org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler
The code in org.apache.cxf.ws.security.trust.AbstractSTSClient requires this.
814 DelegationCallback callback = new DelegationCallback(message);
815 ((CallbackHandler)delegationObject).handle(new Callback[]
);
816 return callback.getToken();