Posted to fx-dev@ws.apache.org by James Gough <wh...@gmail.com> on 2006/05/25 20:27:45 UTC

[Axis 1.4/WSS4J 1.5]UsernameTokenSignature and UsernameToken 2 tokens, 1 with cleartext password!

I am using the following .wsdd file:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
 <globalConfiguration>
  <requestFlow>
   <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
    <parameter name="action" value="UsernameTokenSignature UsernameToken Timestamp"/>
    <parameter name="user" value="test"/>
    <parameter name="passwordCallbackClass" value="com.somepackage.security.PWCallback"/>
    <parameter name="passwordType" value="PasswordDigest"/>
   </handler>
  </requestFlow>
 </globalConfiguration>
</deployment>
 

in my Axis Java client, and in my SOAP headers I am getting 2 
UsernameToken headers:

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-23257749">
 <wsse:Username>test</wsse:Username>
 <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">OD3WcHIcSLOs8k3EkqTlHhtWxWs=</wsse:Password>
 <wsse:Nonce>pBZpeZdNj0LFNNImpR12bA==</wsse:Nonce>
 <wsu:Created>2006-05-25T17:11:15.687Z</wsu:Created>
</wsse:UsernameToken>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-6426875">
 <wsse:Username>test</wsse:Username>
 <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpass</wsse:Password>
 <wsse:Nonce>yvD7czBCIkzOKEy6/Aot9w==</wsse:Nonce>
 <wsu:Created>2006-05-25T17:11:15.437Z</wsu:Created>
</wsse:UsernameToken>

I need the password to be of type PasswordDigest. I had posted 
previously the desired output I wanted, and was advised to use 
UsernameTokenSignature, UsernameToken and TimeStamp. If I just use 
UsernameTokenSignature, I only get one UsernameToken, but the password 
is not digested. Any hints?

Jim
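
A check one could run on a captured request like the one above, as an added example (not part of the original post and not WSS4J code): it lists each UsernameToken in a wsse:Security header, flags any whose password is not of type #PasswordDigest, and, when given the expected password, recomputes the digest as Base64(SHA-1(nonce + created + password)) per the UsernameToken Profile 1.0. The function names and the sample header are assumptions, and the sample values are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def audit_username_tokens(security_xml, password=None):
    """Return (wsu:Id, verdict) for each UsernameToken in a wsse:Security header."""
    findings = []
    for tok in ET.fromstring(security_xml).iter(f"{{{WSSE}}}UsernameToken"):
        tok_id = tok.get(f"{{{WSU}}}Id", "<no wsu:Id>")
        pw = tok.find(f"{{{WSSE}}}Password")
        # The profile treats a missing Type attribute as PasswordText.
        if pw is None:
            verdict = "no-password"
        elif pw.get("Type", PROFILE + "#PasswordText") != PROFILE + "#PasswordDigest":
            verdict = "cleartext"
        elif password is None:
            verdict = "digest"
        else:
            expected = password_digest(tok.findtext(f"{{{WSSE}}}Nonce", ""),
                                       tok.findtext(f"{{{WSU}}}Created", ""), password)
            ok = hmac.compare_digest(expected.encode(), (pw.text or "").strip().encode())
            verdict = "digest-ok" if ok else "digest-mismatch"
        findings.append((tok_id, verdict))
    return findings

# Constructed sample shaped like the two-token header in the post; all values are made up.
NONCE = base64.b64encode(b"0123456789abcdef").decode("ascii")
CREATED = "2006-05-25T17:11:15Z"
DIGEST = password_digest(NONCE, CREATED, "example-pass")
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <wsse:UsernameToken wsu:Id="UsernameToken-1">
  <wsse:Password Type="{PROFILE}#PasswordDigest">{DIGEST}</wsse:Password>
  <wsse:Nonce>{NONCE}</wsse:Nonce>
  <wsu:Created>{CREATED}</wsu:Created>
 </wsse:UsernameToken>
 <wsse:UsernameToken wsu:Id="UsernameToken-2">
  <wsse:Password Type="{PROFILE}#PasswordText">example-pass</wsse:Password>
 </wsse:UsernameToken>
</wsse:Security>"""
```

Run it only on messages captured from your own client: ElementTree does not protect against entity-expansion input.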
