You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by Nencho Lupanov <ne...@googlemail.com> on 2007/09/18 17:54:54 UTC

[axis2 , rampart] When using Username Token password is hashed by default?

Hello,

I am using a security policy with Usernametoken enabled.
I expected to have a clean text password because all i used in my poolicy
is:


<sp:SignedSupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

    <wsp:Policy>

        <sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
" />

    </wsp:Policy>

</sp:SignedSupportingTokens>

Anyway, i get a hashed password..shouldn't the password be plain text by
default and to be hashed only if

you specify this in the policy.I am asking because axis2 is treating hashed
passwords differenty.



thanks,

Nencho

Re: [axis2 , rampart] When using Username Token password is hashed by default?

Posted by Nencho Lupanov <ne...@googlemail.com>.

hello again,

I'll try to anwer myself:

The plain text password is set as a property only if transport binding is
used.
Why the password type is not set to plain text when asymetricbinding is used
for example?

thanks,
Nencho


2007/9/18, Nencho Lupanov <ne...@googlemail.com>:
>
> Hello,
>
> I am using a security policy with Usernametoken enabled.
> I expected to have a clean text password because all i used in my poolicy
> is:
>
>
> <
> sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> ">
>
>     <wsp:Policy>
>
>         <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> " />
>
>     </wsp:Policy>
>
> </sp:SignedSupportingTokens>
>
> Anyway, i get a hashed password..shouldn't the password be plain text by
> default and to be hashed only if
>
> you specify this in the policy.I am asking because axis2 is treating
> hashed passwords differenty.
>
>
>
> thanks,
>
> Nencho
>

Re: [axis2 , rampart] When using Username Token password is hashed by default?

Posted by Jon Hanshew <jh...@visa.com>.

The only way to get a plain text password that I have found is to use basic
security.  Check out Rampart basic sample03.



Nencho Lupanov wrote:
> 
> Hello,
> 
> I am using a security policy with Usernametoken enabled.
> I expected to have a clean text password because all i used in my poolicy
> is:
> 
> 
> <sp:SignedSupportingTokens xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 
>     <wsp:Policy>
> 
>         <sp:UsernameToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> " />
> 
>     </wsp:Policy>
> 
> </sp:SignedSupportingTokens>
> 
> Anyway, i get a hashed password..shouldn't the password be plain text by
> default and to be hashed only if
> 
> you specify this in the policy.I am asking because axis2 is treating
> hashed
> passwords differenty.
> 
> 
> 
> thanks,
> 
> Nencho
> 
> 

-- 
View this message in context: http://www.nabble.com/-axis2-%2C-rampart--When-using-Username-Token-password-is-hashed-by-default--tf4475256.html#a12782395
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org

Re: [axis2 , rampart] When using Username Token password is hashed by default?

Posted by Nencho Lupanov <ne...@googlemail.com>.

hello again,

I'll try to anwer myself:

The plain text password is set as a property only if transport binding is
used.
Why the password type is not set to plain text when asymetricbinding is used
for example?

thanks,
Nencho


2007/9/18, Nencho Lupanov <ne...@googlemail.com>:
>
> Hello,
>
> I am using a security policy with Usernametoken enabled.
> I expected to have a clean text password because all i used in my poolicy
> is:
>
>
> <
> sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> ">
>
>     <wsp:Policy>
>
>         <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> " />
>
>     </wsp:Policy>
>
> </sp:SignedSupportingTokens>
>
> Anyway, i get a hashed password..shouldn't the password be plain text by
> default and to be hashed only if
>
> you specify this in the policy.I am asking because axis2 is treating
> hashed passwords differenty.
>
>
>
> thanks,
>
> Nencho
>