Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5521

Setting SecurityConstants.STS_TOKEN_ON_BEHALF_OF as CallbackHander requires better documentation.

    XMLWordPrintableJSON

Details

    • Unknown

    Description

      Using: cxf-tr-ws-security-2.7.8

      The current documentation states that SecurityConstants.STS_TOKEN_ON_BEHALF_OF
      declared with "a CallbackHandler object to use to obtain the token"

      A very specific CallbackHandler implementation is required. It MUST be
      an implementation that supports processing DelegationCallback as input and
      generating a org.w3c.dom.Element.

      Existing examples are
      org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
      org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler

      The code in org.apache.cxf.ws.security.trust.AbstractSTSClient requires this.

      814 DelegationCallback callback = new DelegationCallback(message);
      815 ((CallbackHandler)delegationObject).handle(new Callback[]

      {callback}

      );
      816 return callback.getToken();

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            rsearls Rebecca Searls
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: