Sep 21st, 2011, 10:21 AM
Securing Web Services
I'm working on a project where a client is talking to a server via Spring web services. I have recently secured these services using the XWSS method, using an interceptor and a security policy file which expects a username & password token field in the SOAP header with password digest and nonce. I am providing this via SoapUI testing at the moment.
The message is getting intercepted on the server side correctly but is always failing the authentication. I am testing this with SoapUI currently.
Can anyone tell me the method by which the server hashes the clear password on the server side before the comparison against the digest in the SOAP header? If I knew this, I could create the correct value on the SoapUI client for testing.
Or could anyone even explain to me how this works in principle, so I can rework where required?
Hope this makes sense.
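
For reference, an added example that is not part of the original post: the WS-Security UsernameToken Profile defines the digest as Base64(SHA-1(nonce + created + password)), where the nonce is Base64-decoded to raw bytes first, so the server must hold the cleartext password to recompute it. The function names and sample credentials below are hypothetical and constructed for illustration; this is not Spring-WS or XWSS code.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """Base64(SHA-1(nonce_bytes + created + password)) per the UsernameToken Profile."""
    nonce = base64.b64decode(nonce_b64)  # hash the raw nonce bytes, not the Base64 text
    sha1 = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(sha1.digest()).decode("ascii")


def make_token(username: str, password: str) -> dict:
    """Client side: the values carried inside <wsse:UsernameToken>."""
    nonce_b64 = base64.b64encode(os.urandom(16)).decode("ascii")
    created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "Password": password_digest(nonce_b64, created, password)}


def verify_token(token: dict, stored_password: str) -> bool:
    """Server side: recompute from the cleartext password it holds, then compare."""
    expected = password_digest(token["Nonce"], token["Created"], stored_password)
    return hmac.compare_digest(expected, token["Password"])  # constant-time compare


def wrong_digest_text_nonce(nonce_b64: str, created: str, password: str) -> str:
    """Frequent cause of a mismatch: hashing the nonce's Base64 text, not its bytes."""
    data = (nonce_b64 + created + password).encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


if __name__ == "__main__":
    tok = make_token("alice", "s3cret")  # constructed sample credentials
    print(tok)
    print("verifies:", verify_token(tok, "s3cret"))
    print("text-nonce variant matches:",
          wrong_digest_text_nonce(tok["Nonce"], tok["Created"], "s3cret") == tok["Password"])
```

If the digest computed this way still fails on the server, check that the Created value in the header is the exact string that was hashed and that the server's stored password is cleartext rather than an already-hashed value.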