Hi Michael, Those attributes are mandatory according to the Basic Security Profile 1.1 specification, which is enforced by default in WSS4J 1.6. You can disable the Basic Security Profile enforcement, if you are processing third-party UsernameTokens with WSS4J.
See the section "Basic Security Profile 1.1 compliance" here: http://ws.apache.org/wss4j/topics.html Colm. On Thu, Jun 9, 2011 at 9:28 AM, Mike O'Connell <[email protected]> wrote: > Hi All > > I've run into an issue during interoperability testing using WSS4j and the > UsernameToken. > > The following element attributes that are defined as optional in the wss-1.1 > specification (link below) are not optional in WSS4j-1.6.0 (according to > source): > > * /wsse:UsernameToken/wsse:Password/@Type > * /wsse:UsernameToken/wsse:Nonce/@EncodingType > > From section 3.1 of the specification > http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf > > I've changed it locally but I feel it needs to be integrated into the main > WSS4j trunk. > > Thanks, > > Michael O'Connell > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Colm O hEigeartaigh http://coheigea.blogspot.com/ Talend - http://www.talend.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
