1. AdroitLogic
  2. ultraesb
  3. Issues
Issue #40 resolved

WSSecurity to use Nonce and Created values regardless of WSSecurityManager requireNonceAndCreated property

andysc
created an issue

As per https://getsatisfaction.com/adroitlogic/topics/wssecurity_for_both_passwordtext_and_passworddigests

The ProcessUTAuthenticatedMessage class (lines 104-149) should attempt to use the Nonce and Created UsernameToken values regardless of the requireNonceAndCreated property (set via WSSecurityManager).

This will allow both PasswordText (where Nonce and Created are not required) and PasswordDigest to be used.

The requireNonceAndCreated property should only be used to return an error if Nonce and Created are not passed with the request.

Comments (2)

  1. Log in to comment