[jboss-user] [JBoss Web Services] - password hash values do not match

yusuf kurt do-not-reply at jboss.com
Fri Apr 9 07:54:35 EDT 2010 

yusuf kurt [http://community.jboss.org/people/ykurttr] created the discussion

"password hash values do not match"

To view the discussion, visit: http://community.jboss.org/message/536544#536544

--------------------------------------------------------------
Hi, this is my first post on jboss community,
I searched the forum and google but unfortunately could not find an answer to my question.
I have created a ws-secure webservice with jbossws on jboss 5.1.0 with username/password authentication
I am expecting a username and a digested password according to wss-usernametoken profile from my clients,
i successfully created a jbossws-client application which sends username/digested password and is authenticated via my custom usernamepasswordloginmodule.
But one of my webservice client which is implemented by Axis c++ library can not be authenticated although it sends right credentials.When i checked the incoming soap messages both for jbossws client and axis client, i noticed that axis client nonce value is not encoded with BASE64 whilst jbossws nonce value is encoded with BASE64. As a result the created password hash by jbossws client matched the expected password but axis client did not.
Then i checked the document for creation of nonce from oasis.
 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
starting from line 129, it says that:

Note that the nonce is hashed using the octet sequence of its decoded value while the timestamp
is hashed using the octet sequence of its UTF8 encoding as specified in the contents of the
element.
Note that the nonce is hashed using the octet sequence of its decoded value while the timestamp
is hashed using the octet sequence of its UTF8 encoding as specified in the contents of the
element.

Now i am confused, how must be the cretaed nonce, encoded, or plain or decoded(how);  is there a conflict with standarts or am i or is axis missing some point?
thank you in advence...

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/536544#536544]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100409/4a8369eb/attachment.html

More information about the jboss-user mailing list