Affects Version/s: None
Fix Version/s: None
A Policy was specified on a web service as such:
If the request contains username token + password in security header, I would expect (hope) rampart to ignore
the password or complain that a password is present (i'm not sure about the meaning of NoPassword in this respect).
Anyway: rampart will go into the password callback and require us to supply the value.
Is this correct?