Re: is this PASSWORD_TEXT problem a bug of WSS4J

Xinjun Chen Thu, 18 May 2006 22:44:05 -0700

Have anyone experienced this before?

Regards,

Xinjun

On 5/16/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:

I experienced the following issues. Even though I specify password type to be WSConstants.PASSWORD.TEXT, i still get the digested password in the header.

The following is the code snippet.

  Document domDoc = Axis2Util.getDocumentFromSOAPEnvelope(envelope);
  WSSAddUsernameToken builder = new WSSAddUsernameToken("", false);

token.setDigest(true);
  if (token.isDigest()) {
   builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
  } else {
   builder.setPasswordType(WSConstants.PASSWORD_TEXT);
  }
  builder.build(domDoc, token.getUsername(), token.getPassword());

  Element domHeader = (Element) domDoc.getFirstChild().getFirstChild();
  OMElement omHeader = (OMElement) (Axis2Util.toOM(domHeader));
  log.debug("[SenderHandler][addUsernameToken] omHeader: " + omHeader.toString());

By right, the omHeader should contain the security header with plain text password. However, what I get is digested password with nounce and created.

Is this a bug of WSS4J or I missed out something?

Regards,

Xinjun

Re: is this PASSWORD_TEXT problem a bug of WSS4J

Reply via email to