Alessio Soldano [
http://community.jboss.org/people/alessio.soldano%40jboss.com] created
the discussion
"Re: Problem encrypting or signing WS-Security header elements"
To view the discussion, visit:
http://community.jboss.org/message/576324#576324
--------------------------------------------------------------
Encryption of WS-Security own headers is not supported. The way you should deal with the
need of not sending clear passwords over the net is either leveraging a secure transport
(https) or using the other features included in WS-Security Username Token profile. More
in details, take a look at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr... :
instead of using PasswordText type, you should be using the digest.
--------------------------------------------------------------
Reply to this message by going to Community
[
http://community.jboss.org/message/576324#576324]
Start a new discussion in JBoss Web Services at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=1&...]