Hi, I am using CXF-BC to receive an incoming SOAP request. The request contains WS-Security headers. One of the requirements is that the UsernameToken is used to supply a Username only, no password. The intention is for auditing and later authorisation rather than authentication.
Using the example cxf-ws-security that ships with ServiceMix, I can see how to set the WSS4JInInterceptor to handle the WSS fields, including password authentication, but I can't see a good way to either ignore the UsernameToken completely or let it through without authetication. Can anyone suggest the best way to do this? Thanks, Steve. -- View this message in context: http://old.nabble.com/CXF---WSS-UsernameToken-without-password-tp28040028p28040028.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
