ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] Commented: (WSS-68) No way to create a UsernameToken with absent <Password> element
Date Thu, 05 Jun 2008 10:29:44 GMT


Colm O hEigeartaigh commented on WSS-68:

Yes, you must have a password when deriving a secret key from a Username Token to sign a message.
Take a look at:


The correct way to use a Username Token for key derivation is something like:

WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("bob", "security");
builder.addDerivedKey(true, null, 1000);

In this case, the password is used to derive a key, but the password itself is not attached
to the Username Token.

> No way to create a UsernameToken with absent <Password> element
> ---------------------------------------------------------------
>                 Key: WSS-68
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: George Stanchev
>             Fix For: 1.5.4
>         Attachments:, wss4j-1.5.3.patch,
> We should be able to create UsernameTokens without <Password> in them if needed.
Password is an optional element

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message