Hello, The client-side works correctly, and put the correct header :
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20077002"> <wsse:Username>wsclient</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ibGhloI7ItKghfEQ9gG3bORW0Bc= </wsse:Password> <wsse:Nonce>Joti0LCVhY1AE5cu/IX0qw== </wsse:Nonce> <wsu:Created>2009-04-14T08:19:01.140Z </wsu:Created> </wsse:UsernameToken> But the server-side password callback always return null value for password ! Configuration is : <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <property name="properties"> <map> <entry key="action" value="UsernameToken Timestamp"/> <entry key="passwordType" value="PasswordDigest"/> <entry key="passwordCallbackRef"> <ref bean="serverPasswordCallback"/> </entry> </map> </property> </bean> <jaxws:endpoint id="WSRepositoryService" implementor="#RepositoryServiceImpl" address="/ws/repository"> <jaxws:features> <bean class="org.apache.cxf.feature.LoggingFeature"/> </jaxws:features> <jaxws:inInterceptors> <ref bean="wss4jInInterceptor"/> </jaxws:inInterceptors> </jaxws:endpoint> Do I miss something ? PS. It's working well when I'am using PasswordText. -- View this message in context: http://www.nabble.com/CXF---WS-Security%2C-Using-PasswordDigest-return-password-null-tp23036393p23036393.html Sent from the cxf-user mailing list archive at Nabble.com.