Brian,
according to the Javadoc of WSConstants you should use
"WSConstants.PW_TEXT".
<quote>
/**
* Sets the .....
* Sets the .....
* method to send the password in
clear
* <p/>
* This is a required method as defined by WS Specification, Username token profile.
*/
public static final String PW_TEXT = "PasswordText";
* <p/>
* This is a required method as defined by WS Specification, Username token profile.
*/
public static final String PW_TEXT = "PasswordText";
</quote>
Regards,
Werner
Hi all,
Von: Brian Woo [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 24. November 2005 23:05
An: Paul Jamason
Cc: [email protected]
Betreff: Possible Bug? WSConstants.PASSWORD_TEXT set but PasswordDigest sent...
I might have found a bug in the (WSS4J / AXIS). I have tried to send a UsernameToken in plain text (PASSWORD_TEXT) but the SOAP message is sending a PasswordDigest block instead. Note that, the server handler can see decode the SOAP message and get my username correctly.
private void doSomething()
{
//modify the path to the client_deploy.wsdd
EngineConfiguration config = new FileProvider(
"client_deploy_without_parameters.wsdd");
DummyServiceService locator = new DummyServiceServiceLocator(
config);
try
{
Remote remote = locator.getPort(DummyService.class);
Stub axisPort = (Stub) remote;
axisPort._setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
WSConstants.PASSWORD_TEXT );
axisPort._setProperty(WSHandlerConstants.USER, "bwoo");
// Use my Handler class...
ClientAuthenticationHandler pwCallback = new ClientAuthenticationHandler();
axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback);
DummyServiceSoapBindingStub service =
(DummyServiceSoapBindingStub) axisPort;
System.out.println("Calling service...");
service.doSomething();
}
catch (Exception e)
{
e.printStackTrace();
}
}
And this is the actually SOAP sent (sending PasswordDigest):
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd=" http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>bwoo</wsse:Username>
<wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">QxdnxcARsfL55IBpxa7dgaDEIYU=</wsse:Password>
<wsse:Nonce>RQ6MrBY1RBEQXCN998yb2Q==</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >2005-11-24T21:54:46.350Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<doSomething/>
</soapenv:Body>
</soapenv:Envelope>
I have found someone reporting the same problem, but no response:
http://www.mail-archive.com/[email protected]/msg00182.html
Is this a bug or am I missing something?
