cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: UsernameToken with password digest (HashPassword) without SSL?
Date Thu, 22 Aug 2013 12:47:35 GMT
What does your client configuration look like?

Colm.


On Thu, Aug 22, 2013 at 12:34 PM, Sam <j2eedodo@gmail.com> wrote:

> Hi Colm,
>
> The policy is
>
>      <wsp:Policy wsu:Id="DoubleItBindingPolicy"**>
>           <wsp:ExactlyOne>
>               <wsp:All>
>                   <sp:SupportingTokens
>    xmlns:sp="http://schemas.**xmlsoap.org/ws/2005/07/**securitypolicy<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy>
> ">
>                       <wsp:Policy>
>                           <sp:UsernameToken
>    sp:IncludeToken="http://**schemas.xmlsoap.org/ws/2005/**
> 07/securitypolicy/**IncludeToken/AlwaysToRecipient<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient>
> **">
>                               <wsp:Policy>
>                                   <sp:HashPassword/>
>                                   <sp:WssUsernameToken11/>
>                               </wsp:Policy>
>                           </sp:UsernameToken>
>                       </wsp:Policy>
>                   </sp:SupportingTokens>
>               </wsp:All>
>           </wsp:ExactlyOne>
>        </wsp:Policy>
>
> I am not getting any error message and the password in request is still in
> clear text when I run the sample code from Glen's site. Response still
> returns OK.
> I was expecting CXF to take care of hashing password automatically but it
> still works without returning error message.
>
> It's like <sp:HashPassword/> is optional. Maybe I am missing something.
>
> Thanks
> Sam
>
> On 22/08/2013 11:08 p.m., Colm O hEigeartaigh wrote:
>
>> Yes it is possible. What policy are you using + what is the error you are
>> getting?
>>
>> Colm.
>>
>>
>> On Thu, Aug 22, 2013 at 11:53 AM, Sam <j2eedodo@gmail.com> wrote:
>>
>>  Hi all,
>>>
>>> I read in http://pic.dhe.ibm.com/****infocenter/wasinfo/v8r5/index.****<http://pic.dhe.ibm.com/**infocenter/wasinfo/v8r5/index.**>
>>> jsp?topic=%2Fcom.ibm.****websphere.wlp.express.doc%**
>>> 2Fae%2Fcwlp_wssec_templates_****scenario1.html<http://pic.dhe.**
>>> ibm.com/infocenter/wasinfo/**v8r5/index.jsp?topic=%2Fcom.**
>>> ibm.websphere.wlp.express.doc%**2Fae%2Fcwlp_wssec_templates_**
>>> scenario1.html<http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.express.doc%2Fae%2Fcwlp_wssec_templates_scenario1.html>
>>> >,
>>> which shows
>>> the use of ws-policy for UsernameToken with password digest
>>> (HashPassword)
>>> over SSL.
>>>
>>> My question is, is it possible to use ws-policy  for UsernameToken with
>>> password digest without SSL in CXF?
>>>
>>> I am asking as I have been tweaking the WSDL for the usernametoke
>>> tutorial
>>> from http://www.jroller.com/gmazza/****entry/cxf_usernametoken_****
>>> profile<http://www.jroller.com/gmazza/**entry/cxf_usernametoken_**profile>
>>> <http://www.jroller.**com/gmazza/entry/cxf_**usernametoken_profile<http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile>
>>> >,
>>> to run without SSL successfully, now
>>> I am trying to make it support password digest without SSL , and without
>>> luck.
>>>
>>> Thanks
>>> Sam
>>>
>>>
>>
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message