Hi, The WS-SecurityPolicy spec doesn't define a separate policy for plaintext passwords - only for the "NoPassword" and "HashPassword" options. If you want to support plaintext passwords, then don't use either of these policies - and the "passwordType" variable in UsernameToken is set to null.
Colm. On Fri, Jul 26, 2019 at 12:59 AM Jason Wang <jason.lei.w...@gmail.com> wrote: > Hi there, > > I upgraded CXF into 3.2.2 from 2.7.* and found that our soap services that > used to support both Password Digest and Password Text now only support > Password Digest. > > Looking into the code, it seems to me that UsernameToken class > (org.apache.wss4j:wss4j-policy:2.2.3 ) no longer has the 'TX_Password'. The > own two PasswordTypes available are NoPassword and HashPassword. > > So my question is how to I continue to support clients with both options? > > Thanks > Jason > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com