Hi Praveen, Can you post the complete policy ? So we can see that whether your policy is configured to send the timestamp.
Yes, Rampart used to sent password in digest by default and now it is fixed and now the Username tokens used as (signed)supporting tokens have the password in plaintext. Username Tokens are also encrypted as the password is in plain text as described in the web services security policy specification. Can you take a check out from latest Rampart trunk [1] and try this. Regards, Nandana [1] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java On Nov 10, 2007 1:48 AM, Praveen Palwai <[EMAIL PROTECTED]> wrote: > Hi,I am using Axis2 1.3, rampart 1.3 to send username token to a Web > Service running on websphere. > I am using RampartConfig to set the user and the password callback class. > My question is using this configuration, the security header always has > nonce, timestamp included and the password is of type digest. What do I need > to do so that the request doesn't contain nonce, timestamp and the password > is sent in clear text instead of digest. I have the following policy.xmlfile > > <?xml version="1.0" encoding="UTF-8"?> > <wsp:ExactlyOne> > <wsp:All> > <wsp:Policy> > <sp:UsernameToken/> > </wsp:Policy> > </sp:SignedSupportingTokens> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > code snippet: > _serviceClient.engageModule("rampart"); > RampartConfig rc = new RampartConfig(); > rc.setUser("patadmin"); > rc.setPwCbClass("PWCBHandler"); > Policy policy = loadPolicy("policy.xml"); > policy.addAssertion(rc); > > _serviceClient.getOptions().setProperty( > RampartMessageData.KEY_RAMPART_POLICY, policy); > > Thanks, > Praveen Palwai. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com >