Digest authentication only works if you have access to the original password, since otherwise you can't recompute the digest that is used.I have a few questions about making SOAP requests with UsernameToken and digesting the password...
2) On the server side, I want to compare the UsernameToken against values stored in a database. So I can use getIdentifier() to lookup the password and call setPassword() with what I pull out of the database. However, we our passwords are already hashed before they are stored in the database. How can I have WSS4J compare the passwords in this situation? Or, if there is no built-in way - what classes do I need to tinker with to allow this to work?
thx andy
Therefore you probably need to use plain text passwords (assuming the plain version works) and encryption.
Cheers Martin
