They're not actually required for the digest as per the spec....it seems reasonable to me to at least allow the user to explicitly exclude them, even if there's no good reason to exclude them that I can think of.
Colm. -----Original Message----- From: Dittmann, Werner (NSN - DE/Munich) [mailto:[email protected]] Sent: 04 March 2009 12:07 To: ext Mike; [email protected] Subject: RE: UsernameToken Nonce & Created IIRC if you required Digest mode then you also enable nonce and created by default because those are required to generate the digest. Regards, Werner > -----Original Message----- > From: ext Mike [mailto:[email protected]] > Sent: Wednesday, March 04, 2009 9:32 AM > To: [email protected] > Subject: UsernameToken Nonce & Created > > Hello! > > I've managed to configure UsernameToken authentication which is > working perfectly with PasswordType digest and text. > > I'm having an issue though with Nonce and Created; I don't need them > all the time, if I try to not addNonce or addCreated it gets added > anyway! > > Example code: > > ... > ut.setCreated(false) > ut.setNonce(false) > ut.setDigest(true) > ... > > private WSSecUsernameToken getUsernameToken(String username, String > password, UsernameToken ut, Document doc) { > WSSecUsernameToken secut = null; > > if (username != null && username.trim().length() > 0 && password > != null && password.trim().length() > 0) { > secut = new WSSecUsernameToken(); > > if (ut.isDigest()) > secut.setPasswordType(WSConstants.PASSWORD_DIGEST); > else > secut.setPasswordType(WSConstants.PASSWORD_TEXT); > > secut.setUserInfo(ut.getUsername(), ut.getPassword()); > > if (ut.isCreated()) > secut.addCreated(); > > if (ut.isNonce()) > secut.addNonce(); > > secut.prepare(doc); > } > > return secut; > } > > Resulting UsernameToken element > > <wsse:UsernameToken wsu:Id="UsernameToken-512309528" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd"> > <wsse:Username> > Sender </wsse:Username> > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- > username-token-profile-1.0#PasswordDigest"> > sEdkxj9EZIUBn4UHDDioUXwhCCo= </wsse:Password> > <wsse:Nonce> > M3jvBuDs0fchIotm83Wjuw== </wsse:Nonce> > <wsu:Created> > 2009-03-04T08:28:53.173Z </wsu:Created> > </wsse:UsernameToken> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
