You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by James Gough <wh...@gmail.com> on 2006/05/25 20:27:45 UTC
[Axis 1.4/WSS4J 1.5]UsernameTokenSignature and UsernameToken 2 tokens,
1 with cleartext password!
I am using the following .wsdd file:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameTokenSignature
UsernameToken Timestamp"/>
<parameter name="user" value="test"/>
<parameter name="passwordCallbackClass"
value="com.somepackage.security.PWCallback"/>
<parameter name="passwordType" value="PasswordDigest"/>
</handler>
</requestFlow >
</globalConfiguration >
</deployment>
in my Axis java client, and in my soap headers I am getting 2
UsernameToken headers:
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-23257749">
<wsse:Username>test</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">OD3WcHIcSLOs8k3EkqTlHhtWxWs=</wsse:Password>
<wsse:Nonce>pBZpeZdNj0LFNNImpR12bA==</wsse:Nonce>
<wsu:Created>2006-05-25T17:11:15.687Z</wsu:Created>
</wsse:UsernameToken>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-6426875">
<wsse:Username>test</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpass</wsse:Password>
<wsse:Nonce>yvD7czBCIkzOKEy6/Aot9w==</wsse:Nonce>
<wsu:Created>2006-05-25T17:11:15.437Z</wsu:Created>
</wsse:UsernameToken>
I need the password to be of type PasswordDigest. I had posted
previously the desired output I wanted, and was advised to use
UsernameTokenSignature, UsernameToken and TimeStamp
. If I just use UsernameTokenSignature, I only get one UsernameToken,
but the password is not digested. Any hints?
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org