Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-255

Add support for enforcing a text or digest password type when processing a UsernameToken

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.9
    • 1.6
    • None
    • None

    Description


      The UsernameTokenProcessor does not currently enforce the "passwordType" property on the inbound side. This task is to add a configuration switch (default to false for backwards compatibility) which enforces the "passwordType" property on an inbound Username Token. This functionality gives the receiver the ability to make sure that the received token is e.g. password digest, and not plaintext.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CXF-2150 Web service provider using UsernameToken profile should throw an exception if SOAP client's password type <> web service provider's.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              coheigea Colm O hEigeartaigh
              coheigea Colm O hEigeartaigh
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: