[jboss-user] [JBossWS] - Re: implementing wsse:UserNameToken
do-not-reply at jboss.com
Wed Oct 11 19:12:46 EDT 2006
"kdeboer" wrote : I did some research in the JBoss WS 103 Sources.
| It appears that the username token profile is partly supported.
| The user and password are added to the soap header when the password are added to the call or proxy object
| However password type attribute and password encoding is not support.
| According to the basic security profile the type attribute is required.
| Password disgest is also very nice to have.
| will these functions be added in the near future?
The basic security profile has been in draft for over a year, and is not expected to be finalized anytime soon so we haven't looked at conforming to it. WS-Security 1.0 has type as optional, so we dont specify it. The encoding type is only relevant to a Nonce. and as you see currently nonces aren't supported. I have updated the feature request to reflect this.
Currently the priority on this is low, since we are busy working on EE5 / JAX-WS. So, as Thomas said, feel free to contribute if you want to see this sooner.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977728#3977728
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3977728
More information about the jboss-user