1 Reply Latest reply on Jul 24, 2008 10:34 AM by asoldano

Username token password type?

jeffrho Jul 24, 2008 10:16 AM

I'm using a JBossWS Native 3.0.2 client to invoke a secure Web service running on WebLogic. When the JBoss client creates a username token it looks like this:

<wsse:UsernameToken wsu:Id="token-1-1216905572050-4347715">
<wsse:Username>awdadmin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#PasswordText">awdadmin</wsse:Password>
</wsse:UsernameToken>

Note the ".xsd" in the Type value. WebLogic fails to process the UNT header because it does not recognize the password type.

When I invoke this Web service with another client, it generates a different password type - without the ".xsd" in the Type value:

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="unt_2gqSjWLYhMUDJeu4">
<wsse:Username>awdadmin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">awdadmin</wsse:Password>
</wsse:UsernameToken>

WebLogic is able to process the above UNT header and I can successfully consume the service.

Is Native 3.0.2 client mistakenly putting the .xsd on the password Type? I don't think I've seen the ".xsd" on any examples of UNT password type.

1. Re: Username token password type?

asoldano Jul 24, 2008 10:34 AM (in response to jeffrho)

Thank you for pointing this out.
https://jira.jboss.org/jira/browse/JBWS-2265
Actions