[ http://jira.codehaus.org/browse/XFIRE-383?page=comments#action_64817 ]
Tomasz Sztelak commented on XFIRE-383: -------------------------------------- This is a correct behaviour for wss4j. There are 2 forms which can be used to send password, plain text and hashed form. The default one is hashed form, so if you don't specify explicitly to use plain form, the password will be hashed. You can check our examples, there is a code which show how to use hashed and plain form. > Does XFire-WS-Security WSS4JInHandler properly handle UsernameToken? > -------------------------------------------------------------------- > > Key: XFIRE-383 > URL: http://jira.codehaus.org/browse/XFIRE-383 > Project: XFire > Type: Bug > Versions: 1.1-RC1 > Environment: jdk1.5.0_06, maven2.0.4, eclipse 3.1.2 > Reporter: Brian Bonner > Assignee: Dan Diephouse > Attachments: WSS4JInOutUserNameTokenTest.java, ws-security-testcase-patch.txt > > > I've attached a patch to the WSS4JInOutTest to illustrate what I think the > problem is. > Specifically, > When the Action is set to UsernameToken, > The password line is presented like this: > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>k6fDmkGxRMWElSjBsU1XPFrn1Zc=</wsse:Password> > It looks like a digest. > Can someone confirm this? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
