XWSS Interceptor works with IBM JVM

Hi All,

This post is meant for people who are trying to setup basic authentication using XwsSecurityInterceptor on Websphre 6.1. Even though it is mentioned in Spring documentation that XWSS works with Sun JDK/JVM but you can use it with IBM JVM following two simple steps:

1. Use the following jar files and add in WEB-INF/lib folder
jaxp-api.jar, jaxp-ri.jar, saaj-api-1.3.jar, saaj-impl-1.3.2.jar, xws-security-2.0-FCS.jar

2. Set the classloading of your war module to "PARENT_LAST".

Unfortunately I could not make "org.springframework.ws.soap.security.xwss.callbac k.jaas.JaasPlainTextPasswordValidationCallbackHand ler" of spring work with IBM Websphere. The problem for me was that this class handles "NameCallback" and "PasswordCallback" only. But there was another callback was getting executed "com.ibm.websphere.security.auth.callback.WSCredTo kenCallbackImpl" which prompted JaasPlainTextPasswordValidationCallbackHandler to throw UnsupportedCallbackException.

To resolve this, I have written my customized JaasPlainTextPasswordValidationCallbackHandler. The only change being that instead of throwing UnsupportedCallbackException, I have just logged it as warning. Its working fine for me as of now.

I am not too good with callbacks and not sure what will be the impact of it in long run, but things are looking good right now :).

Regards,
Naveen Bohra