You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Sam <j2...@gmail.com> on 2013/10/25 22:19:17 UTC
Password Digest implementation in CXF??
Hi guys,
In the latest usernameToken profile
http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html,
it specified
the password digest should be: Password_Digest = Base64 ( SHA-1 ( nonce
+ created + password ) ) .
So my question is where in CXF is this implemented?
I want to generate this digest manually for soap request.
I checked CXF source code and the closest thing I found is
DigestAuthSupplier.java, which doesn't seem to be doing password digest
according to formula above.
Thanks,
Sam
Re: Password Digest implementation in CXF??
Posted by Daniel Kulp <dk...@apache.org>.
On Oct 25, 2013, at 4:19 PM, Sam <j2...@gmail.com> wrote:
> Hi guys,
>
> In the latest usernameToken profile http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html, it specified
> the password digest should be: Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ) .
>
> So my question is where in CXF is this implemented?
This would be down in WSS4J:
http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/UsernameToken.java
Dan
> I want to generate this digest manually for soap request.
>
> I checked CXF source code and the closest thing I found is DigestAuthSupplier.java, which doesn't seem to be doing password digest according to formula above.
>
> Thanks,
> Sam
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com