From: Christian Keiler
Date: Fri, 03 Nov 2006 13:01:26 +0100
To: axis-user@ws.apache.org
Subject: WSS4J and UsernameToken replay

Hi,

I'm using Axis2 in connection with the rampart module. I want to authenticate users by a UsernameToken using digests. Considering possible replay attacks I want to save some nonce values within my service implementation and do not want to accept a twice-used "nonce" in a given time.

Does one of you know how to do this with the mentioned frameworks? The WSPasswordCallback is missing a getNonce() and a getCreated() method as well... is this "just" a bug or are there other possibilities to manage my problem?

Thanks in advance,
Christian
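
One way to build the nonce store described in the question, as an added example (not part of the original message, and not Rampart or WSS4J code): an in-memory cache that rejects a token when its Created timestamp falls outside a freshness window or its nonce has already been seen for that user. It assumes the nonce and Created values have already been extracted from the UsernameToken; the class name, method name and sample values are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: rejects a UsernameToken whose (username, nonce) pair was already used. */
public class NonceReplayCache {
    private final Duration window;
    // key: username + '\n' + nonce, value: instant after which the entry may be forgotten
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    public NonceReplayCache(Duration window) {
        this.window = window;
    }

    /** Returns true if the token is fresh and its nonce is unused; records the nonce on success. */
    public boolean accept(String username, String nonceBase64, Instant created, Instant now) {
        // Tokens outside the window are rejected outright, so nonces only
        // have to be remembered for as long as their token could still pass.
        if (created.isBefore(now.minus(window)) || created.isAfter(now.plus(window))) {
            return false;
        }
        // Forget entries whose tokens would now fail the freshness check anyway.
        seen.values().removeIf(expiry -> expiry.isBefore(now));
        Instant expiry = created.plus(window);
        // putIfAbsent is atomic: of two concurrent requests carrying the same
        // nonce, only one sees null and is accepted.
        return seen.putIfAbsent(username + '\n' + nonceBase64, expiry) == null;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real message.
        NonceReplayCache cache = new NonceReplayCache(Duration.ofMinutes(5));
        Instant now = Instant.parse("2006-11-03T12:00:00Z");
        Instant created = Instant.parse("2006-11-03T11:59:30Z");
        // First use of the nonce inside the window.
        System.out.println(cache.accept("alice", "bm9uY2UtMQ==", created, now));
        // Same nonce and Created presented again ten seconds later (replay).
        System.out.println(cache.accept("alice", "bm9uY2UtMQ==", created, now.plusSeconds(10)));
        // New nonce, but Created is ten minutes old (stale).
        System.out.println(cache.accept("alice", "bm9uY2UtMg==", now.minusSeconds(600), now));
    }
}
```

The cache is per process; a service running on several nodes would need a shared store with the same put-if-absent semantics.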