Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] created the discussion
"Re: Problem encrypting or signing WS-Security header elements" To view the discussion, visit: http://community.jboss.org/message/576324#576324 -------------------------------------------------------------- Encryption of WS-Security own headers is not supported. The way you should deal with the need of not sending clear passwords over the net is either leveraging a secure transport (https) or using the other features included in WS-Security Username Token profile. More in details, take a look at http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf : instead of using PasswordText type, you should be using the digest. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/576324#576324] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
