What does your client configuration look like? Colm.
On Thu, Aug 22, 2013 at 12:34 PM, Sam <[email protected]> wrote: > Hi Colm, > > The policy is > > <wsp:Policy wsu:Id="DoubleItBindingPolicy"**> > <wsp:ExactlyOne> > <wsp:All> > <sp:SupportingTokens > > xmlns:sp="http://schemas.**xmlsoap.org/ws/2005/07/**securitypolicy<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy> > "> > <wsp:Policy> > <sp:UsernameToken > sp:IncludeToken="http://**schemas.xmlsoap.org/ws/2005/** > 07/securitypolicy/**IncludeToken/AlwaysToRecipient<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient> > **"> > <wsp:Policy> > <sp:HashPassword/> > <sp:WssUsernameToken11/> > </wsp:Policy> > </sp:UsernameToken> > </wsp:Policy> > </sp:SupportingTokens> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > I am not getting any error message and the password in request is still in > clear text when I run the sample code from Glen's site. Response still > returns OK. > I was expecting CXF to take care of hashing password automatically but it > still works without returning error message. > > It's like <sp:HashPassword/> is optional. Maybe I am missing something. > > Thanks > Sam > > On 22/08/2013 11:08 p.m., Colm O hEigeartaigh wrote: > >> Yes it is possible. What policy are you using + what is the error you are >> getting? >> >> Colm. >> >> >> On Thu, Aug 22, 2013 at 11:53 AM, Sam <[email protected]> wrote: >> >> Hi all, >>> >>> I read in >>> http://pic.dhe.ibm.com/****infocenter/wasinfo/v8r5/index.****<http://pic.dhe.ibm.com/**infocenter/wasinfo/v8r5/index.**> >>> jsp?topic=%2Fcom.ibm.****websphere.wlp.express.doc%** >>> 2Fae%2Fcwlp_wssec_templates_****scenario1.html<http://pic.dhe.** >>> ibm.com/infocenter/wasinfo/**v8r5/index.jsp?topic=%2Fcom.** >>> ibm.websphere.wlp.express.doc%**2Fae%2Fcwlp_wssec_templates_** >>> scenario1.html<http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.express.doc%2Fae%2Fcwlp_wssec_templates_scenario1.html> >>> >, >>> which shows >>> the use of ws-policy for UsernameToken with password digest >>> (HashPassword) >>> over SSL. >>> >>> My question is, is it possible to use ws-policy for UsernameToken with >>> password digest without SSL in CXF? >>> >>> I am asking as I have been tweaking the WSDL for the usernametoke >>> tutorial >>> from http://www.jroller.com/gmazza/****entry/cxf_usernametoken_**** >>> profile<http://www.jroller.com/gmazza/**entry/cxf_usernametoken_**profile> >>> <http://www.jroller.**com/gmazza/entry/cxf_**usernametoken_profile<http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile> >>> >, >>> to run without SSL successfully, now >>> I am trying to make it support password digest without SSL , and without >>> luck. >>> >>> Thanks >>> Sam >>> >>> >> >> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
