axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Keiler <christian_1...@web.de>
Subject WSS4J and UsernameToken replay
Date Fri, 03 Nov 2006 12:01:26 GMT
Hi,

I'm using Axis2 in connection with the rampart module. I want to 
authenticate users by an UsernameToken using digests. Considering 
possible replay attacks I want to save some nonce values within my 
service implementation and do not want to accept twice used "nonce" in a 
given time. Does one of you know, how to do this with the mentioned 
frameworks? The WSPasswordCallback is missing a getNonce() and a 
getCreated() method as well...is this "just" a bug or are there other 
possibilities to manage my problem?

Thanks in advance,
Christian

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message