axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Keiler <>
Subject WSS4J and UsernameToken replay
Date Fri, 03 Nov 2006 12:01:26 GMT

I'm using Axis2 in connection with the rampart module. I want to 
authenticate users by an UsernameToken using digests. Considering 
possible replay attacks I want to save some nonce values within my 
service implementation and do not want to accept twice used "nonce" in a 
given time. Does one of you know, how to do this with the mentioned 
frameworks? The WSPasswordCallback is missing a getNonce() and a 
getCreated() method as this "just" a bug or are there other 
possibilities to manage my problem?

Thanks in advance,

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message