Hi,
I'm afraid you can't ignore the password if you configure wss4j to use
UsernameToken action.
One workaround I can suggest is that you don't use
WSS4JInIntterceptor, you write your own interceptor to read the soap
header to save the username for later use.
Freeman
On 2010-3-26, at 下午5:35, slew77 wrote:
Hi,
I am using CXF-BC to receive an incoming SOAP request. The request
contains
WS-Security headers. One of the requirements is that the
UsernameToken is
used to supply a Username only, no password. The intention is for
auditing
and later authorisation rather than authentication.
Using the example cxf-ws-security that ships with ServiceMix, I can
see how
to set the WSS4JInInterceptor to handle the WSS fields, including
password
authentication, but I can't see a good way to either ignore the
UsernameToken completely or let it through without authetication.
Can anyone suggest the best way to do this?
Thanks,
Steve.
--
View this message in context:
http://old.nabble.com/CXF---WSS-UsernameToken-without-password-tp28040028p28040028.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
