[jboss-user] [JBoss Web Services] - JBOSS-WS verify password Digest manually at the server

Ken Barnes [https://community.jboss.org/people/kenbarnes] created the discussion "JBOSS-WS verify password Digest manually at the server" To view the discussion, visit: https://community.jboss.org/message/744889#744889 -------------------------------------------------------------- I am using jboss 5.1.0.GA and jbossws-3.1.2.GA. I am attempting to verify the password digest on the server side outside of the Jaas module like so private void testSHA(String nonce, String created, String passwordDigest) {         Base64 encoder = new Base64();         String concat = nonce + created + "password";         try {             MessageDigest md = MessageDigest.getInstance("SHA1");                        md.update(concat.getBytes());             byte[] arr = md.digest();             String fin = encoder.encodeBase64String(arr);             System.out.println("fin: "+fin);             System.out.println("dig: "+pd);         } catch (NoSuchAlgorithmException ex) {             Logger.getLogger(NtcssWsSecurityServer.class.getName()).log(Level.SEVERE, null, ex);         }     } All values are pulled off the soap header and the "password" is shared. If I use SOAP UI to submit the request, with nonce,created, and password digest I can never get the digest to match up. Also It looks like the nonce is Base64 encoded and Hashed at the server. What Am I missing. Thanks -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/744889#744889] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]