How to create a Password Callback class

Most of web services have been secured using various WS-security  methods. Therefore we need to implements clients that support WS-Security to invoke these web services.

If you are using Rampart or WSS4J for WS-Security for processing in client side,  you may need to create a password callback class for following

1. Get the password to build the username token

2. Get the private key password for signture or decryption

It is very easy to write a Password callback. Following Java code is for simple Password callback class

package org.wso2.samples.pwcb;
import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
public class PWCBHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
String id = pwcb.getIdentifer();
int usage = pwcb.getUsage();
if (usage == WSPasswordCallback.USERNAME_TOKEN) {
// Logic to get the password to build the username token
if ("admin".equals(id)) {pwcb.setPassword("admin");}
} else if (usage == WSPasswordCallback.SIGNATURE || usage == WSPasswordCallback.DECRYPT) {
// Logic to get the private key password for signture or decryption
if ("client".equals(id)) {pwcb.setPassword("apache");}
if ("service".equals(id)) {pwcb.setPassword("apache");}
}
}
}
}

Lets see how you can use this password class back class with the WSO2 products such as ESB and BPS. For ESB, we need a class back class to invoke a secured BE services where ESB Proxy service would act as client for BE service.  Also when external partner service is invoked by a BPEL is act as a client to the external web service.

Therefore we need to create a jar file .

Step1 : Creating a jar file 

Note :  If you are familiar with maven. Please find the maven project of callback class from here

If not,  you can use following way to create the jar file.

1. Copy sample Password callback in to text file and save it as PWCBHandler.java

2. Create a directory called “temp”  …any where you like,

3. Go in to temp directory and create following directory structure   org/wso2/samples/pwcb

4. Copy PWCBHandler.java in to pwcb directory

5. Download wss4j.jar from here (http://ws.apache.org/wss4j/) and copy it to temp directory

6. Compile PWCBHandler.java pointing classpath to wss4j.jar from pwcb directory

Ex:-
#javac PWCBHandler.java -classpath /home/asela/temp/PWC/org/wso2/samples/pwcb/wss4j-1.5.8.jar

7. Go in to temp directory and create a jar file issuing following

#jar cf PWCBHandler.jar org/wso2/samples/pwcb/*.class

Step2 : Adding jar file in to classpath

1. Now you have created your  PWCBHandler.jar and Copy jar in to /repository/components/lib

2. Restart Server