[ http://jira.codehaus.org/browse/XFIRE-383?page=comments#action_64941 ]
Brian Bonner commented on XFIRE-383: ------------------------------------ The other thing that's interesting about this is that in WSHandlerConstants, it says the Default is PW_DIGEST. Yet according to this documentation (line 173 on page 9). PW_TEXT should be the default. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf This was part of my confusion. I'm going to pass it on to the WSS4j guys. > Does XFire-WS-Security WSS4JInHandler properly handle UsernameToken? > -------------------------------------------------------------------- > > Key: XFIRE-383 > URL: http://jira.codehaus.org/browse/XFIRE-383 > Project: XFire > Type: Bug > Versions: 1.1-RC1 > Environment: jdk1.5.0_06, maven2.0.4, eclipse 3.1.2 > Reporter: Brian Bonner > Assignee: Tomasz Sztelak > Attachments: WSS4JInOutUserNameTokenTest.java, ws-security-testcase-patch.txt > > > I've attached a patch to the WSS4JInOutTest to illustrate what I think the > problem is. > Specifically, > When the Action is set to UsernameToken, > The password line is presented like this: > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>k6fDmkGxRMWElSjBsU1XPFrn1Zc=</wsse:Password> > It looks like a digest. > Can someone confirm this? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
