cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From huidong <huidong_zh...@yahoo.com>
Subject Re: An invalid security token was provided (Bad UsernameToken Values)
Date Wed, 03 Feb 2010 21:23:51 GMT




According to spec, the "Username" and "Password" child elements of 
"UsernameToken" are NOT supposed to be qualified.   The message you put here 
has them qualified.  

I think there is a setting in the WSConfig object to allow accepting the out 
of spec name/passwords, I'm just not sure how that would be used with the 
WSS4JInInterceptor.   I added some code last week to allow configuring in a 
specific WSConfig object relatively easily, but that's not available in a 
release yet.   

Dan

thanks Dan.

this is the java client message that works. the only difference is the
"Type" attribute is simple "Type" instead of "wsse:Type". could this be the
reason?


<wsse:UsernameToken
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1">

<wsse:Username>ws***</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password>

</wsse:UsernameToken>

-- 
View this message in context: http://old.nabble.com/An-invalid-security-token-was-provided-%28Bad-UsernameToken-Values%29-tp27429163p27443711.html
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message