Hello, a sentence in the CXF docs I believe I had placed in a while back I would like to confirm--for the two code examples here:
http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html#WS-SecurityPolicy-ConfiguringviaSpring The sentence in question is: "The properties are easily configured as client or endpoint properties--use the latter for web service provider configuration:" Just to confirm: 1.) The *upper* code example is *only* for SOAP clients and not web service providers 2.) Is the *lower* code example *only* for web service providers, or can it be equally used for both provider and client--also, if both, does the lower example provide any advantage over the upper one when configuring a client? (I *might* have asked (1) and (2) before I placed that sentence in the docs; if so, pardon my duplication!) 3.) The *lower* code example is currently somewhat nonsensical for web service providers, because it has an "ws-security.username" entry--that would normally only be for a client supplying a password, correct? 4.) The "ws-security.callback-handler" entry seems to have two usages: For the client-side, it is to supply the password but for the service-side, it is to validate the supplied password, correct? If so, this would seem to be confusing and suboptimal, if: --- 1.) A web service provider could need to supply both a password (perhaps if forwarding to another web service call) *and* validate a password--is that a realistic scenario not presently supported by our configuration? --- 2.) Architecturally, WSS4J may be moving away from using callback handlers to validate passwords (https://issues.apache.org/jira/browse/WSS-183) -- would it not be better to have a separate property, say "ws-security.password-validator" or ".authentication-validator" or whatever, strictly for validating passwords, and letting "ws-security.callback-handler" just be for providing passwords (or other authentication data)? Thanks, Glen -- View this message in context: http://old.nabble.com/Need-clarification-on-the-WS-SecurityPolicy-documentation-tp26318049p26318049.html Sent from the cxf-dev mailing list archive at Nabble.com.
