You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2019/08/06 09:36:56 UTC

Re: Continue to Support text password

Hi,

The WS-SecurityPolicy spec doesn't define a separate policy for plaintext
passwords - only for the "NoPassword" and "HashPassword" options. If you
want to support plaintext passwords, then don't use either of these
policies - and the "passwordType" variable in UsernameToken is set to null.

Colm.

On Fri, Jul 26, 2019 at 12:59 AM Jason Wang <ja...@gmail.com>
wrote:

> Hi there,
>
> I upgraded CXF into 3.2.2 from 2.7.* and found that our soap services that
> used to support both Password Digest and Password Text now only support
> Password Digest.
>
> Looking into the code, it seems to me that UsernameToken class
> (org.apache.wss4j:wss4j-policy:2.2.3 ) no longer has the 'TX_Password'. The
> own two PasswordTypes available are NoPassword and HashPassword.
>
> So my question is how to I continue to support clients with both options?
>
> Thanks
> Jason
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com