Hi Brian, On Wed, Jan 30, 2013 at 8:44 AM, Brian Reinhold <[email protected]> wrote: > Interesting! I will need to look at these > > What I did instead was to change the UsernameTokenValidator.java file in > WSS4J. In that file when the callback was being created they simply placed > null for the password. I removed the null and put in the password. However, > this admittedly broke their model. Now the user was responsible for > indicated to WSS4J that the password was good (by not changing it) or bad > (by changing it to something else). Before the user had to ALWAYS provide > the ACTUAL password (which did not work in the case if one stored digests). >
This statement is not correct. In previous versions of WSS4J/Rampart user _only_ had to provide the actual password in the serverside in case "WSPasswordCallback.USERNAME_TOKEN_UNKNOWN". This was set when there was an incoming UsernameToken with a plain text password. Thanks, Ruchith --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
