ws-security Hashed Password using CXF's JAASLoginInterceptor in JBossWS-CXF
Issue
- We want to combine ws-security-UsernameToken with a securitydomain/JAAS with org.apache.cxf.interceptor.security.JAASLoginInterceptor.
-
The wsdl contains
sp:UsernameToken sp:WssUsernameToken11 sp:HashPassword. Securitydomain is set in the jboss-web.xml toother.
ws-security.validate.tokenis set to false injaxws-endpoint-config.xml. -
The problem: the hashed password from the soapheader is used to compare against the hashed-password from user.properties. When we don't hash the password (remove sp:HashPassword from the wsdl), the user is validated.
-
How can we validate a UsernameToken from the soapheader with a securitydomain ?
Environment
- Red Hat JBoss Enterprise Application Platform
- 6.x
- JBossWS-CXF
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
