Yes, check[1], search on the text "Note that for the special case of a plain-text password". Hopefully this will get changed relatively soon[2].
[1] http://cwiki.apache.org/CXF20DOC/ws-security.html [2] https://issues.apache.org/jira/browse/WSS-183 Glen Rick.Janda wrote: > > Do you have idea, how to make CXF rejecting anything else than > PasswordDigest? > Or have I missed something in the documentation? > -- View this message in context: http://www.nabble.com/Configured-WS-Security-UsernameToken-PasswordDigest-accepts-PasswordText-tp24432779p24433414.html Sent from the cxf-user mailing list archive at Nabble.com.
