You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Jason Wang <ja...@gmail.com> on 2019/07/25 23:59:27 UTC

Continue to Support text password

Hi there,

I upgraded CXF into 3.2.2 from 2.7.* and found that our soap services that
used to support both Password Digest and Password Text now only support
Password Digest.

Looking into the code, it seems to me that UsernameToken class
(org.apache.wss4j:wss4j-policy:2.2.3 ) no longer has the 'TX_Password'. The
own two PasswordTypes available are NoPassword and HashPassword.

So my question is how to I continue to support clients with both options?

Thanks
Jason

RE: Continue to Support text password

Posted by Varun Singhal <va...@live.com>.

Hello Jason,

Not sure, if this will help you, so if it doesn’t, sorry for the spam 😉

But we have a CXF based WS that is running on 3.2.7 version and the consumer sends us the password in text.

I have attached the request for your reference.


Warm Regards,
Varun SINGHAL

From: Jason Wang<ma...@gmail.com>
Sent: 26 July 2019 05:29
To: users@cxf.apache.org<ma...@cxf.apache.org>
Subject: Continue to Support text password

Hi there,

I upgraded CXF into 3.2.2 from 2.7.* and found that our soap services that
used to support both Password Digest and Password Text now only support
Password Digest.

Looking into the code, it seems to me that UsernameToken class
(org.apache.wss4j:wss4j-policy:2.2.3 ) no longer has the 'TX_Password'. The
own two PasswordTypes available are NoPassword and HashPassword.

So my question is how to I continue to support clients with both options?

Thanks
Jason

Re: Continue to Support text password

Posted by Colm O hEigeartaigh <co...@apache.org>.

Hi,

The WS-SecurityPolicy spec doesn't define a separate policy for plaintext
passwords - only for the "NoPassword" and "HashPassword" options. If you
want to support plaintext passwords, then don't use either of these
policies - and the "passwordType" variable in UsernameToken is set to null.

Colm.

On Fri, Jul 26, 2019 at 12:59 AM Jason Wang <ja...@gmail.com>
wrote:

> Hi there,
>
> I upgraded CXF into 3.2.2 from 2.7.* and found that our soap services that
> used to support both Password Digest and Password Text now only support
> Password Digest.
>
> Looking into the code, it seems to me that UsernameToken class
> (org.apache.wss4j:wss4j-policy:2.2.3 ) no longer has the 'TX_Password'. The
> own two PasswordTypes available are NoPassword and HashPassword.
>
> So my question is how to I continue to support clients with both options?
>
> Thanks
> Jason
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com