[jboss-user] [JBoss Web Services] - Re: Problem encrypting or signing WS-Security header elements

Alessio Soldano do-not-reply at jboss.com
Thu Dec 16 03:50:49 EST 2010

Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] created the discussion

"Re: Problem encrypting or signing WS-Security header elements"

To view the discussion, visit: http://community.jboss.org/message/576324#576324

Encryption of WS-Security own headers is not supported. The way you should deal with the need of not sending clear passwords over the net is either leveraging a secure transport (https) or using the other features included in WS-Security Username Token profile. More in details, take a look at  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf : instead of using PasswordText type, you should be using the digest.

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101216/07e2805d/attachment.html 

More information about the jboss-user mailing list