Hello James, Well, I took a look at this link(1), which explains the wss4j parameters for the <requestFlow> and <responseFlow>. >From there I landed on this link(2) which says:
public static final java.lang.String *SIG_ALGO* Defines which signature algorithm to use. Currently this parameter is ignored - SHA1RSA is the only supported algorithm, will be enhanced soon. The application may set this parameter using the following method: call.setProperty(WSHandlerConstants.SIG_ALGO, "SHA1RSA"); At first sight looks like SHA2 is not supported... But it should be noted that this doc was done some time ago by the great work and dedication of Davanum Srinivas! To be 100% sure you may download the WSS4J 1.5.2 source code version and take a look inside. Hope this helps. Warmest regards, jose ferreiro (1) - http://wiki.apache.org/ws/FrontPage/WsFx/wss4jParameters (2) - http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#SIG_ALGO On Wed, Jan 21, 2009 at 10:16 PM, James01 <[email protected]> wrote: > > Hi, > I am using WSS4J 1.5.2 version. As per spec UsernameToken is using SHA1 > for password digest. I need to use SHA2 to meet the requirements. > > What is the best approach to specify UsernameToken to use SHA2 instead of > SHA1? > > I appreciate your help. > > Thanks > James > -- > View this message in context: > http://www.nabble.com/Configuring-UsernameToken-for-algorithms-tp21592332p21592332.html > Sent from the WSS4J mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Jose Ferreiro Systems Analysis and Design Specialist MSc in Communication Systems, EPFL.
