users@glassfish.java.net

Re: XWSS username token

From: Jose Noheda <jose.noheda_at_gmail.com>
Date: Mon, 28 Jul 2008 20:31:42 +0200

Thanks :-)

On Mon, Jul 28, 2008 at 8:03 PM, V B Kumar Jayanti
<Vbkumar.Jayanti_at_sun.com>wrote:

> Hi Jose,
>
>
> Jose Noheda wrote:
>
> Hi,
>>
>> I've tried XWSS and has worked from the start. It creates the following
>> header:
>>
>> <wsse:UsernameToken xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> wsu:Id="XWSSGID-1217247178093-1341618277">
>> <wsse:Username>jose</wsse:Username>
>> <wsse:Password Type="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
>> ">****</wsse:Password>
>> <wsse:Nonce EncodingType="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
>> ">S621Yl1KmoTGQeWIeFFfoceL</wsse:Nonce>
>> <wsu:Created>2008-07-28T12:13:22.031Z</wsu:Created>
>> </wsse:UsernameToken>
>>
>> I'm not sure if the password is correct though (it should be "jose"). The
>> spec at WSS shows an encrypted password in addition to the nonce. Can anyone
>> confirm this is the expected output?
>>
>> This is just a feature of the DumpMessage property. We purposely print
> "****" for the password during a Message Dump for Security Reasons. We do
> not want passwords to be visible in the Server Log File.
> As you mention the application itself is working for you and there is no
> issue there.
>
> regards,
> kumar
>
> Regards,
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>