[ http://issues.apache.org/jira/browse/WSS-25?page=comments#action_12357854 ]
Werner Dittmann commented on WSS-25: ------------------------------------ Which password type do you use? If you use the digest password type then the digest will be computed and checked. Other passwords are not checked by the usernametoken handler but could be checked by the password callback itself. This is because only the handling of digested passwords is specified and thus can be processed within the handler. Regards, Werner > UsernameToken password is not checked > ------------------------------------- > > Key: WSS-25 > URL: http://issues.apache.org/jira/browse/WSS-25 > Project: WSS4J > Type: Bug > Environment: Windows 2000, JDK 1.5.0_05-b05 > Reporter: Kevin Fung > Assignee: Davanum Srinivas > > In the handleUsernameToken method in WSSecurityEngine class, the password > returned by the password handler is not compared against the password/digest > from the UsernameToken. The result is that any password will be accepted. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
