You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Xinjun Chen <xj...@gmail.com> on 2006/05/16 10:55:13 UTC
is this PASSWORD_TEXT problem a bug of WSS4J
I experienced the following issues. Even though I specify password type to
be WSConstants.PASSWORD.TEXT, i still get the digested password in the
header.
The following is the code snippet.
Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
token.setDigest(true);
if (token.isDigest()) {
builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
builder.build(domDoc, token.getUsername(), token.getPassword());
Element domHeader = (Element) domDoc.getFirstChild
().getFirstChild();
OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
log.debug("[SenderHandler][addUsernameToken] omHeader: " +
omHeader.toString());
By right, the omHeader should contain the security header with plain text
password. However, what I get is digested password with nounce and created.
Is this a bug of WSS4J or I missed out something?
Regards,
Xinjun
Re: is this PASSWORD_TEXT problem a bug of WSS4J
Posted by Xinjun Chen <xj...@gmail.com>.
Have anyone experienced this before?
Regards,
Xinjun
On 5/16/06, Xinjun Chen <xj...@gmail.com> wrote:
>
> I experienced the following issues. Even though I specify password type
> to be WSConstants.PASSWORD.TEXT, i still get the digested password in the
> header.
>
> The following is the code snippet.
>
> Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
> WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
> token.setDigest(true);
> if (token.isDigest()) {
> builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
> } else {
> builder.setPasswordType(WSConstants.PASSWORD_TEXT);
> }
> builder.build(domDoc, token.getUsername(), token.getPassword());
>
> Element domHeader = (Element) domDoc.getFirstChild
> ().getFirstChild();
> OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
> log.debug("[SenderHandler][addUsernameToken] omHeader: " +
> omHeader.toString());
>
> By right, the omHeader should contain the security header with plain text
> password. However, what I get is digested password with nounce and created.
>
> Is this a bug of WSS4J or I missed out something?
>
> Regards,
> Xinjun
>
>
Re: is this PASSWORD_TEXT problem a bug of WSS4J
Posted by Xinjun Chen <xj...@gmail.com>.
Have anyone experienced this before?
Regards,
Xinjun
On 5/16/06, Xinjun Chen <xj...@gmail.com> wrote:
>
> I experienced the following issues. Even though I specify password type
> to be WSConstants.PASSWORD.TEXT, i still get the digested password in the
> header.
>
> The following is the code snippet.
>
> Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
> WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
> token.setDigest(true);
> if (token.isDigest()) {
> builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
> } else {
> builder.setPasswordType(WSConstants.PASSWORD_TEXT);
> }
> builder.build(domDoc, token.getUsername(), token.getPassword());
>
> Element domHeader = (Element) domDoc.getFirstChild
> ().getFirstChild();
> OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
> log.debug("[SenderHandler][addUsernameToken] omHeader: " +
> omHeader.toString());
>
> By right, the omHeader should contain the security header with plain text
> password. However, what I get is digested password with nounce and created.
>
> Is this a bug of WSS4J or I missed out something?
>
> Regards,
> Xinjun
>
>