users@glassfish.java.net

Re: XWSS username token

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Mon, 28 Jul 2008 23:33:39 +0530

Hi Jose,

Jose Noheda wrote:

> Hi,
>
> I've tried XWSS and it has worked from the start. It creates the
> following header:
>
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="XWSSGID-1217247178093-1341618277">
> <wsse:Username>jose</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
> <wsse:Nonce
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">S621Yl1KmoTGQeWIeFFfoceL</wsse:Nonce>
> <wsu:Created>2008-07-28T12:13:22.031Z</wsu:Created>
> </wsse:UsernameToken>
>
> I'm not sure if the password is correct though (it should be "jose").
> The spec at WSS shows an encrypted password in addition to the nonce.
> Can anyone confirm this is the expected output?
>
This is just a feature of the DumpMessage property. We purposely print
"****" for the password during a Message Dump for Security Reasons. We
do not want passwords to be visible in the Server Log File.

As you mention, the application itself is working for you and there is no
issue there.

regards,
kumar

> Regards,
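
Added example, not part of the original thread and not XWSS code: Python that masks a wsse:Password value before a message is logged, as the reply describes, and computes the PasswordDigest form from UsernameToken Profile 1.0 that the question alludes to. The function names `mask_for_log` and `password_digest` are hypothetical, the wsse namespace URI is the standard WS-Security one (it is not shown in the thread), and the sample is constructed from the thread's token with the password "jose" restored.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
ET.register_namespace("wsse", WSSE)  # keep the familiar prefixes on output
ET.register_namespace("wsu", WSU)

# Constructed sample: the thread's token as it travels on the wire,
# before any log masking (password value assumed to be "jose").
SAMPLE = f"""<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
<wsse:Username>jose</wsse:Username>
<wsse:Password Type="{UTP}#PasswordText">jose</wsse:Password>
<wsse:Nonce>S621Yl1KmoTGQeWIeFFfoceL</wsse:Nonce>
<wsu:Created>2008-07-28T12:13:22.031Z</wsu:Created>
</wsse:UsernameToken>"""


def mask_for_log(xml_text, mask="****"):
    """Return (loggable_xml, password_types). Every wsse:Password value is
    replaced by the mask; the Type attribute is kept so the log still shows
    whether the sender used #PasswordText or #PasswordDigest."""
    root = ET.fromstring(xml_text)  # constructed/trusted input only
    types = []
    for pw in root.iter(f"{{{WSSE}}}Password"):
        types.append(pw.get("Type", "").rpartition("#")[2])
        pw.text = mask
    return ET.tostring(root, encoding="unicode"), types


def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


if __name__ == "__main__":
    logged, types = mask_for_log(SAMPLE)
    print(types)   # which password form the client sent
    print(logged)  # safe to write to a server log
    print(password_digest("S621Yl1KmoTGQeWIeFFfoceL",
                          "2008-07-28T12:13:22.031Z", "jose"))
```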