Nonce at Server Side
Hello CXF Devs, Does CXF have the support for processing nonce at *server* side? As I understand from some posts CXF creates the nonce automatically when password digest is used at client side. If it does not have support yet at server side so does that mean we cannot use password digest at server side as combination of timestamp, *nonce* and password text are used to calculate the password digest. May be I read some old post or I am wrong. Kindly correct me. Thanks in advance. Best Regards, Rahul
RE: Nonce at Server Side
It's supported in so far as it'll get processed correctly to create the nonce+created+password digest. But nonce-caching for replay detection isn't supported as of yet...there's a jira open in WSS4J for it. Feel free to submit a patch :-) https://issues.apache.org/jira/browse/WSS-187 Colm. -Original Message- From: rahul.soa [mailto:rahul@googlemail.com] Sent: 06 July 2009 11:56 To: dev@cxf.apache.org Cc: Jarek Gawor Subject: Nonce at Server Side Hello CXF Devs, Does CXF have the support for processing nonce at *server* side? As I understand from some posts CXF creates the nonce automatically when password digest is used at client side. If it does not have support yet at server side so does that mean we cannot use password digest at server side as combination of timestamp, *nonce* and password text are used to calculate the password digest. May be I read some old post or I am wrong. Kindly correct me. Thanks in advance. Best Regards, Rahul
