Hi Colm,
The policy is
<wsp:Policy wsu:Id="DoubleItBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:HashPassword/>
<sp:WssUsernameToken11/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
I am not getting any error message and the password in request is still
in clear text when I run the sample code from Glen's site. Response
still returns OK.
I was expecting CXF to take care of hashing password automatically but
it still works without returning error message.
It's like <sp:HashPassword/> is optional. Maybe I am missing something.
Thanks
Sam
On 22/08/2013 11:08 p.m., Colm O hEigeartaigh wrote:
Yes it is possible. What policy are you using + what is the error you are
getting?
Colm.
On Thu, Aug 22, 2013 at 11:53 AM, Sam <[email protected]> wrote:
Hi all,
I read in http://pic.dhe.ibm.com/**infocenter/wasinfo/v8r5/index.**
jsp?topic=%2Fcom.ibm.**websphere.wlp.express.doc%**
2Fae%2Fcwlp_wssec_templates_**scenario1.html<http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.express.doc%2Fae%2Fcwlp_wssec_templates_scenario1.html>,
which shows
the use of ws-policy for UsernameToken with password digest (HashPassword)
over SSL.
My question is, is it possible to use ws-policy for UsernameToken with
password digest without SSL in CXF?
I am asking as I have been tweaking the WSDL for the usernametoke tutorial
from
http://www.jroller.com/gmazza/**entry/cxf_usernametoken_**profile<http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile>,
to run without SSL successfully, now
I am trying to make it support password digest without SSL , and without
luck.
Thanks
Sam
