[SOLVED] Password Handler not getting called when we upgrade from Axis 1.6.2 / Rampart 1.6.2 to Axis 1.7.2 / Rampart 1.7.0

Password Handler not getting called when we upgrade from Axis 1.6.2 / Rampart 1.6.2 to Axis 1.7.2 / Rampart 1.7.0

We pack our WAR with axis2 webservices in /WEB-INF/services .

It was developed using Axis 1.5.1, then upgraded to Axis 1.6.2/Rampart 1.6.2 few years back. Now we need to upgrade to Axis 1.7.2 / rampart 1.7.0 .

We add usernameSecurity to our webservices. We also package an example webservices client app. Things were working fine. But once we upgrade to Axis 1.7.2/Rampart 1.7.0 , the PasswordCallBackHandler.handle method is not getting called . As such our webservices client breaks. This is how I am adding password callback client.axis2.xml for adding the username/pwd in the request SOAP.

<axisconfig name="AxisJava2.0">
  <module ref="rampart"/>
  <parameter name="OutflowSecurity">
  <action>
     <items>UsernameToken</items>
     <user>system</user>

     <passwordCallbackClass>com.web.ws.connector.CSPWCBHandler</passwordCallbackClass>
     <passwordType>PasswordText</passwordType>
  </action>

My services.xml looks like the following :

<service name="labware_weblims_listFunctions" targetNamespace="http://www.labware.com/webservice">
  <description>Service description for labware_weblims_listFunctions</description>
   <schema schemaNamespace="http://www.labware.com/webservice"/>
   <parameter name="ServiceClass">com.web.ws.service.ListService</parameter>
  <parameter name="disasbleREST">true</parameter>
  <operation name="listMethods">
  <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
  </operation>
  <module ref="soapmonitor"/>
  <module ref="rampart"/>
  <parameter name="InflowSecurity">
    <action>
    <items>UsernameToken</items>
     <passwordCallbackClass>com.web.ws.control.PWCBHandler</passwordCallbackClass>
    </action>
  </parameter>
</service>

When I upgraded to Axis 1.7.2 things break. The PasswordCallBackHandlers are not called .

I searched for Services.xml dtd but did not find it. I am guessing I will have to add the CallBackHandlers as RampartConfig. Is there any other to fix the problem. Any help will be appreciated.

Solution

I was able to fix the problem. The PasswordCallBackHandler entries in services.xml and client.axis2.xml as listed in my question were Apache Rampart 1.0 style configuration. They worked with Axis 1.5.1 and Axis 1.6.2 libraries. The support for Rampart 1.0 configuration has been discontinued in Axis2 1.7.0. Please see the following link

https://axis.apache.org/axis2/java/rampart/release-notes/1.7.0.html

The standard way which worked was to create a policy file and add the PasswordCallBackHandler as RampartConfig . If anybody needs it, I will be more than willing to help out.