You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Xinjun Chen <xj...@gmail.com> on 2006/05/16 10:55:13 UTC

is this PASSWORD_TEXT problem a bug of WSS4J

I experienced the following issues. Even though I specify password type to
be WSConstants.PASSWORD.TEXT, i still get the digested password in the
header.

The following is the code snippet.

  Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
  WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
  token.setDigest(true);
  if (token.isDigest()) {
   builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
  } else {
   builder.setPasswordType(WSConstants.PASSWORD_TEXT);
  }
  builder.build(domDoc, token.getUsername(), token.getPassword());

  Element domHeader = (Element) domDoc.getFirstChild
().getFirstChild();
  OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
  log.debug("[SenderHandler][addUsernameToken] omHeader: " +
omHeader.toString());

By right, the omHeader should contain the security header with plain text
password. However, what I get is digested password with nounce and created.

Is this a bug of WSS4J or I missed out something?

Regards,
Xinjun

Re: is this PASSWORD_TEXT problem a bug of WSS4J

Posted by Xinjun Chen <xj...@gmail.com>.

Have anyone experienced this before?

Regards,
Xinjun


On 5/16/06, Xinjun Chen <xj...@gmail.com> wrote:
>
>  I experienced the following issues. Even though I specify password type
> to be WSConstants.PASSWORD.TEXT, i still get the digested password in the
> header.
>
> The following is the code snippet.
>
>   Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
>   WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
>   token.setDigest(true);
>   if (token.isDigest()) {
>    builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
>   } else {
>    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
>   }
>   builder.build(domDoc, token.getUsername(), token.getPassword());
>
>   Element domHeader = (Element) domDoc.getFirstChild
> ().getFirstChild();
>   OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
>   log.debug("[SenderHandler][addUsernameToken] omHeader: " +
> omHeader.toString());
>
> By right, the omHeader should contain the security header with plain text
> password. However, what I get is digested password with nounce and created.
>
> Is this a bug of WSS4J or I missed out something?
>
> Regards,
>  Xinjun
>
>

Re: is this PASSWORD_TEXT problem a bug of WSS4J

Posted by Xinjun Chen <xj...@gmail.com>.

Have anyone experienced this before?

Regards,
Xinjun


On 5/16/06, Xinjun Chen <xj...@gmail.com> wrote:
>
>  I experienced the following issues. Even though I specify password type
> to be WSConstants.PASSWORD.TEXT, i still get the digested password in the
> header.
>
> The following is the code snippet.
>
>   Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
>   WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
>   token.setDigest(true);
>   if (token.isDigest()) {
>    builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
>   } else {
>    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
>   }
>   builder.build(domDoc, token.getUsername(), token.getPassword());
>
>   Element domHeader = (Element) domDoc.getFirstChild
> ().getFirstChild();
>   OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
>   log.debug("[SenderHandler][addUsernameToken] omHeader: " +
> omHeader.toString());
>
> By right, the omHeader should contain the security header with plain text
> password. However, what I get is digested password with nounce and created.
>
> Is this a bug of WSS4J or I missed out something?
>
> Regards,
>  Xinjun
>
>