Hello Jason, Not sure, if this will help you, so if it doesn’t, sorry for the spam 😉
But we have a CXF based WS that is running on 3.2.7 version and the consumer sends us the password in text. I have attached the request for your reference. Warm Regards, Varun SINGHAL From: Jason Wang<mailto:jason.lei.w...@gmail.com> Sent: 26 July 2019 05:29 To: users@cxf.apache.org<mailto:users@cxf.apache.org> Subject: Continue to Support text password Hi there, I upgraded CXF into 3.2.2 from 2.7.* and found that our soap services that used to support both Password Digest and Password Text now only support Password Digest. Looking into the code, it seems to me that UsernameToken class (org.apache.wss4j:wss4j-policy:2.2.3 ) no longer has the 'TX_Password'. The own two PasswordTypes available are NoPassword and HashPassword. So my question is how to I continue to support clients with both options? Thanks Jason
<?xml version="1.0" encoding="UTF-8"?> <soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurityutility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username></wsse:Username> <wsse:Password></wsse:Password> <wsse:PartnerID></wsse:PartnerID> </wsse:UsernameToken> </wsse:Security> <wsa:To>URL</wsa:To> <wsa:Action>URL</wsa:Action> <wsa:From> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> </wsa:From> </soap:Header> <soap:Body> </soap:Body> </soap:Envelope> <?xml version="1.0" encoding="UTF-8"?>