[jboss-user] [JBoss Web Services] - Re: Problem encrypting or signing WS-Security header elements

Alessio Soldano do-not-reply at jboss.com
Thu Dec 16 03:50:49 EST 2010


Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] created the discussion

"Re: Problem encrypting or signing WS-Security header elements"

To view the discussion, visit: http://community.jboss.org/message/576324#576324

--------------------------------------------------------------
Encryption of WS-Security own headers is not supported. The way you should deal with the need of not sending clear passwords over the net is either leveraging a secure transport (https) or using the other features included in WS-Security Username Token profile. More in details, take a look at  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf : instead of using PasswordText type, you should be using the digest.
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/576324#576324]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101216/07e2805d/attachment.html 


More information about the jboss-user mailing list