According to spec, the "Username" and "Password" child elements of
"UsernameToken" are NOT supposed to be qualified. The message you put here
has them qualified.
I think there is a setting in the WSConfig object to allow accepting the
out-of-spec name/passwords; I'm just not sure how that would be used with the
WSS4JInInterceptor. I added some code last week to allow configuring in a
specific WSConfig object relatively easily, but that's not available in a
release yet.
Dan
Thanks, Dan.
This is the Java client message that works. The only difference is that the
"Type" attribute is simply "Type" instead of "wsse:Type". Could this be the
reason?
<wsse:UsernameToken
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1">
<wsse:Username>ws***</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password>
</wsse:UsernameToken>
--
View this message in context:
http://old.nabble.com/An-invalid-security-token-was-provided-%28Bad-UsernameToken-Values%29-tp27429163p27443711.html
Sent from the cxf-user mailing list archive at Nabble.com.
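
A diagnostic for comparing a working and a rejected UsernameToken, added here as an example and not part of the original thread or of CXF/WSS4J: it reports which namespace each child element and the password "Type" attribute carry, so the qualification differences discussed above show up directly. The two sample messages are constructed from the token quoted in the thread with placeholder credentials; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# Constructed samples: same token, differing only in how the Type attribute is written.
TEMPLATE = ('<wsse:UsernameToken xmlns:wsse="%s" xmlns:wsu="%s" wsu:Id="UsernameToken-1">'
            '<wsse:Username>user</wsse:Username>'
            '<wsse:Password %s="%s">secret</wsse:Password></wsse:UsernameToken>')
WORKING_MSG = TEMPLATE % (WSSE, WSU, "Type", PW_TEXT)
QUALIFIED_TYPE_MSG = TEMPLATE % (WSSE, WSU, "wsse:Type", PW_TEXT)

def split_qname(name):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if name.startswith("{"):
        ns, local = name[1:].split("}", 1)
        return ns, local
    return None, name

def describe_username_token(xml_text):
    """Report the namespace of each child element and of the password Type attribute."""
    # Intended for captured messages you trust; use defusedxml for untrusted input.
    token = ET.fromstring(xml_text)
    if split_qname(token.tag)[1] != "UsernameToken":
        raise ValueError("root element is not a UsernameToken")
    report = {"children": {}, "type_attr_ns": "absent", "password_type": None}
    for child in token:
        c_ns, c_local = split_qname(child.tag)
        report["children"][c_local] = c_ns  # None means an unqualified element
        if c_local == "Password":
            for attr, value in child.attrib.items():
                a_ns, a_local = split_qname(attr)
                if a_local == "Type":
                    report["type_attr_ns"] = a_ns  # None means plain Type="..."
                    report["password_type"] = value
    return report

def diff_reports(a, b):
    """Return the report keys on which two messages disagree."""
    return sorted(k for k in a if a[k] != b[k])

if __name__ == "__main__":
    working = describe_username_token(WORKING_MSG)
    other = describe_username_token(QUALIFIED_TYPE_MSG)
    print("working:", working)
    print("other:  ", other)
    print("differs in:", diff_reports(working, other))
```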