You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by falom <fa...@yahoo.com.cn> on 2006/11/04 18:42:28 UTC

回复： WSS4J and UsernameToken replay

Hi,

I think you can retrieve the desired nonce directly from the soap header.

falom

Christian Keiler <ch...@web.de> 写道： Hi,

I'm using Axis2 in connection with the rampart module. I want to 
authenticate users by an UsernameToken using digests. Considering 
possible replay attacks I want to save some nonce values within my 
service implementation and do not want to accept twice used "nonce" in a 
given time. Does one of you know, how to do this with the mentioned 
frameworks? The WSPasswordCallback is missing a getNonce() and a 
getCreated() method as well...is this "just" a bug or are there other 
possibilities to manage my problem?

Thanks in advance,
Christian

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org



 		
---------------------------------
 雅虎免费邮箱-3.5G容量，20M附件