You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Mfenetre Mfenetre <mf...@gmail.com> on 2005/07/11 15:42:43 UTC
WSS4J Password Type
Hi all,
I'm using WSS4J and it works well. However, when I use a
UsernameToken, the value of the field "Type" for the Password is
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
I would like to use a value equal to "wsse:PasswordText". Is it
possible to do that ? (like specifying a specific value for Password
Type instead of "PasswordText" in the client_deploy.wsdd ? So far I've
tried "wsse:PasswordText" but it doesn't work...)
Thanks for your replies.
Regards,
Alexis.
Re: WSS4J Password Type
Posted by Hal <mf...@gmail.com>.
Ok Anne, thanks for this.
Alexis.
Anne Thomas Manes wrote:
>Per the OASIS WS-Security 2004 spec, the value of the "Type" field
>must be a URI, not a QName. This is one of the changes that occurred
>between older versions of WS-Security and the final OASIS standards.
>If you want to be spec-compliant, you must use
>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
>
>Anne
>
>On 7/11/05, Mfenetre Mfenetre <mf...@gmail.com> wrote:
>
>
>>Hi all,
>>
>>I'm using WSS4J and it works well. However, when I use a
>>UsernameToken, the value of the field "Type" for the Password is
>>"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
>>
>>I would like to use a value equal to "wsse:PasswordText". Is it
>>possible to do that ? (like specifying a specific value for Password
>>Type instead of "PasswordText" in the client_deploy.wsdd ? So far I've
>>tried "wsse:PasswordText" but it doesn't work...)
>>
>>Thanks for your replies.
>>Regards,
>>
>>Alexis.
>>
>>
>>
>
>
>
Re: WSS4J Password Type
Posted by Anne Thomas Manes <at...@gmail.com>.
Per the OASIS WS-Security 2004 spec, the value of the "Type" field
must be a URI, not a QName. This is one of the changes that occurred
between older versions of WS-Security and the final OASIS standards.
If you want to be spec-compliant, you must use
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
Anne
On 7/11/05, Mfenetre Mfenetre <mf...@gmail.com> wrote:
> Hi all,
>
> I'm using WSS4J and it works well. However, when I use a
> UsernameToken, the value of the field "Type" for the Password is
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".
>
> I would like to use a value equal to "wsse:PasswordText". Is it
> possible to do that ? (like specifying a specific value for Password
> Type instead of "PasswordText" in the client_deploy.wsdd ? So far I've
> tried "wsse:PasswordText" but it doesn't work...)
>
> Thanks for your replies.
> Regards,
>
> Alexis.
>