Posted to rampart-dev@ws.apache.org by Ellecer Valencia <el...@gmail.com> on 2009/10/30 01:53:36 UTC
PasswordDigest not being displayed in WS-Policy in generated WSDL - bug or not bug?
Hi,
I've set up a webservice with Rampart and WS-Policy to use Password
Digest for authentication. However, I've noticed that when the WSDL is
generated by Axis, the WS-Policy doesn't actually make any mention of
this. Is this how it's supposed to work?
The WS-Policy shown in the WSDL is this:

<wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="UsernameToken">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

This portion that was in the services.xml seems to have been left out:

<wsp:Policy>
  <sp:HashPassword/>
</wsp:Policy>

Does this indicate a problem with Rampart passing on the policy
information to Axis2 (or Axis2 when creating the WSDL), or is
everything working as it should?
Is WS-Policy in a WSDL also meant to indicate if Password Digest is
used? If the idea is that WSDL represents a contract between clients
and a service, then shouldn't the usage of Password digest be more
explicit?
thanks,
Ellecer
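
An added example, not part of the original post and not Rampart or Axis2 code: a check that compares the policy configured in services.xml with the one published in the generated WSDL and lists the sp: assertions under sp:UsernameToken that were not published. It assumes the sp:HashPassword fragment sat inside sp:UsernameToken, where WS-SecurityPolicy 1.2 places it; the policy strings are constructed from the fragments in the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Constructed template following the policy shape quoted in the post.
# {token} is the sp:UsernameToken element; wsu:Id and sp:IncludeToken
# are omitted because the comparison does not depend on them.
TEMPLATE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <wsp:ExactlyOne><wsp:All>
    <sp:SupportingTokens><wsp:Policy>{{token}}</wsp:Policy></sp:SupportingTokens>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

# Assumption: in services.xml the HashPassword fragment is nested in the token.
CONFIGURED = TEMPLATE.format(
    token="<sp:UsernameToken><wsp:Policy><sp:HashPassword/></wsp:Policy></sp:UsernameToken>")
# The WSDL policy as quoted in the post: an empty sp:UsernameToken.
PUBLISHED = TEMPLATE.format(token="<sp:UsernameToken/>")


def token_assertions(policy_xml):
    """Names of sp: assertions nested in the wsp:Policy child of each sp:UsernameToken."""
    names = set()
    for token in ET.fromstring(policy_xml).iter(f"{{{SP}}}UsernameToken"):
        for nested in token.findall(f"{{{WSP}}}Policy"):
            # Keep only security-policy assertions, skip wsp: operators.
            names.update(el.tag.split("}", 1)[1] for el in nested.iter()
                         if el.tag.startswith(f"{{{SP}}}"))
    return names


def dropped_assertions(configured_xml, published_xml):
    """Assertions configured for the UsernameToken but absent from the published policy."""
    return sorted(token_assertions(configured_xml) - token_assertions(published_xml))


if __name__ == "__main__":
    for name in dropped_assertions(CONFIGURED, PUBLISHED):
        print(f"sp:{name} is configured but not advertised in the WSDL policy")
```

Run against real files, the two inputs would be the policy element from services.xml and the one extracted from the service's ?wsdl output.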