Hi All , I am trying the rampart sample that comes with the distro. I am going with sample01, only that i wanted it to be slightly different: I change the sp:IncludeToken attribute, so instead of:
<sp:SignedSupportingTokens xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/ AlwaysToRecipient" /> </wsp:Policy> </sp:SignedSupportingTokens> I have: <sp:SignedSupportingTokens xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" /> </wsp:Policy> </sp:SignedSupportingTokens> I am saying that in both requests i can found the following soap with tcpmon: <wsse:UsernameToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1673653"><wsse:Username>my_username</wsse:Username><wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">my_password</wsse:Password></wsse:UsernameToken> Does this means that the username and password will be sent only the first time?I tryed this but I still get the whole Usernametoken trasffered every time?Is this supposed to work like this or is there a bug in the rampart handling of the security policy? Thanks, Nencho