You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Mfenetre Mfenetre <mf...@gmail.com> on 2005/07/11 15:42:43 UTC

WSS4J Password Type

Hi all,

I'm using WSS4J and it works well. However, when I use a
UsernameToken, the value of the field "Type" for the Password is
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".

I would like to use a value equal to "wsse:PasswordText". Is it
possible to do that ? (like specifying a specific value for Password
Type instead of "PasswordText" in the client_deploy.wsdd ? So far I've
tried "wsse:PasswordText" but it doesn't work...)

Thanks for your replies.
Regards,

Alexis.

Re: WSS4J Password Type

Posted by Hal <mf...@gmail.com>.

Ok Anne, thanks for this.

Alexis.

Anne Thomas Manes wrote:

>Per the OASIS WS-Security 2004 spec, the value of the "Type" field
>must be a URI, not a QName. This is one of the changes that occurred
>between older versions of WS-Security and the final OASIS standards.
>If you want to be spec-compliant, you must use
>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
>
>Anne
>
>On 7/11/05, Mfenetre Mfenetre <mf...@gmail.com> wrote:
>  
>
>>Hi all,
>>
>>I'm using WSS4J and it works well. However, when I use a
>>UsernameToken, the value of the field "Type" for the Password is
>>"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
>>
>>I would like to use a value equal to "wsse:PasswordText". Is it
>>possible to do that ? (like specifying a specific value for Password
>>Type instead of "PasswordText" in the client_deploy.wsdd ? So far I've
>>tried "wsse:PasswordText" but it doesn't work...)
>>
>>Thanks for your replies.
>>Regards,
>>
>>Alexis.
>>
>>    
>>
>
>  
>

Re: WSS4J Password Type

Posted by Anne Thomas Manes <at...@gmail.com>.

Per the OASIS WS-Security 2004 spec, the value of the "Type" field
must be a URI, not a QName. This is one of the changes that occurred
between older versions of WS-Security and the final OASIS standards.
If you want to be spec-compliant, you must use
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".

Anne

On 7/11/05, Mfenetre Mfenetre <mf...@gmail.com> wrote:
> Hi all,
> 
> I'm using WSS4J and it works well. However, when I use a
> UsernameToken, the value of the field "Type" for the Password is
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
> 
> I would like to use a value equal to "wsse:PasswordText". Is it
> possible to do that ? (like specifying a specific value for Password
> Type instead of "PasswordText" in the client_deploy.wsdd ? So far I've
> tried "wsse:PasswordText" but it doesn't work...)
> 
> Thanks for your replies.
> Regards,
> 
> Alexis.
>