I experienced the following issues. Even though I specify the password type to be WSConstants.PASSWORD_TEXT, I still get the digested password in the header.
The following is the code snippet.
Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);
token.setDigest(true);
if (token.isDigest()) {
builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
builder.build(domDoc, token.getUsername(), token.getPassword());
Element domHeader = (Element) domDoc.getFirstChild().getFirstChild();
OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
log.debug("[SenderHandler][addUsernameToken] omHeader: " + omHeader.toString());
By right, the omHeader should contain the security header with a plain text password. However, what I get is a digested password with nonce and created.
Is this a bug in WSS4J, or did I miss something?
Regards,
Xinjun
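
The two password forms contrasted in the post above, as an added example that is not part of the original post and does not use WSS4J: plain JDK code that follows the WS-Security UsernameToken Profile 1.0 formula Base64(SHA-1(nonce + created + password)) and branches on a digest flag the same way the posted snippet does. The class name, method names and sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;

public class UsernameTokenForms {
    static final String PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";

    // Password_Digest = Base64(SHA-1(nonce + created + password)), per the profile.
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Minimal XML escaping for element text.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    // Mirrors the branch in the post: the digest flag alone selects the password type.
    static String usernameToken(String user, String password, boolean isDigest) throws Exception {
        StringBuilder sb = new StringBuilder("<wsse:UsernameToken>\n");
        sb.append("  <wsse:Username>").append(esc(user)).append("</wsse:Username>\n");
        if (isDigest) {
            byte[] nonce = new byte[16];
            new SecureRandom().nextBytes(nonce);
            String created = Instant.now().toString();
            sb.append("  <wsse:Password Type=\"").append(PROFILE).append("#PasswordDigest\">")
              .append(digest(nonce, created, password)).append("</wsse:Password>\n");
            sb.append("  <wsse:Nonce>").append(Base64.getEncoder().encodeToString(nonce))
              .append("</wsse:Nonce>\n");
            sb.append("  <wsu:Created>").append(created).append("</wsu:Created>\n");
        } else {
            sb.append("  <wsse:Password Type=\"").append(PROFILE).append("#PasswordText\">")
              .append(esc(password)).append("</wsse:Password>\n");
        }
        return sb.append("</wsse:UsernameToken>").toString();
    }

    public static void main(String[] args) throws Exception {
        // Added example; constructed sample credentials, not taken from the post.
        System.out.println(usernameToken("alice", "example-password", true));
        System.out.println(usernameToken("alice", "example-password", false));
    }
}
```

The first token printed carries the Nonce and Created elements alongside the digest; the second carries only the clear-text password, which is why PasswordText should only travel over a protected transport.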
