Can't secure JAVA SE 6 WebService - code based on example doesn't work
I am trying to implement some form of security in my WebService using a Java 6 endpoint in my standard Swing application.
After several failed attempts at trying to get WSIT to function, I've bailed on it and am now trying the solution outlined here:
It doesn't work.
My implementation of SecurityEnvironmentHandler is first called with a SignatureKeyCallback from which I throw the UnsupportedCallbackException and after that there are no other callbacks on the server, particularly the expected PasswordValidationCallback.
So clients can freely call all the methods in my Web Service without requiring any username or password.
I have no idea why this is happening. Help please!