Versions Compared

Comment: Clarifying that nonce support is available with CXF 2.6.0. (Nonce support, I believe, is available in some earlier versions but must be explicitly activated – I'm stating that it is unavailable, though, until someone describes which versions can have it active & how to activate it.)

...

WS-Security supports many ways of specifying tokens. One of these is the UsernameToken header. It is a standard way to communicate a username and password or password digest to another endpoint. Be sure to review the OASIS UsernameToken Profile Specification for important security considerations when using UsernameTokens. Note that the nonce support recommended by the specification necessary for guarding against replay attacks has not yet been implemented either in CXF or WSS4Jis active by default starting with CXF 2.6.0 but unavailable in versions prior to that.

For the server side, you'll want to set up the following properties on your WSS4JInInterceptor (see above for code sample):

...
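
Review bot: the new wording in the UsernameToken paragraph says nonce support is "unavailable in versions prior to" CXF 2.6.0, but the change comment says it is believed to exist in some earlier versions when explicitly activated. If that belief holds, a phrasing such as "not active by default in earlier versions" would avoid telling readers on older releases that replay protection cannot be enabled at all; either way, the sentence should be revisited once the affected versions and the activation steps are confirmed. The same sentence also reads awkwardly at "recommended by the specification necessary for guarding against replay attacks" and would be clearer as "recommended by the specification, and necessary for guarding against replay attacks,".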