With servers, how can I check whether clients use a derived key or not?
I'm working on a JAX-WS project with WSS4J.
I managed to get some code working with UsernameToken using a password-derived key (salt + iteration).
- The server generates a username/password and gives them to clients.
- Clients access endpoints with that information.
And I want to force clients to use only the password-derived key approach.
NOT ALLOWED
    <wsse:UsernameToken wsu:Id="Example-1">
        <wsse:Username> ... </wsse:Username>
        <wsse:Password Type="..."> ... </wsse:Password>
        <wsse:Nonce EncodingType="..."> ... </wsse:Nonce>
        <wsu:Created> ... </wsu:Created>
    </wsse:UsernameToken>
MUST BE
    <wsse:UsernameToken wsse:Id="…">
        <wsse:Username>…</wsse:Username>
        <wsse11:Salt>…</wsse11:Salt>
        <wsse11:Iteration>…</wsse11:Iteration>
    </wsse:UsernameToken>
Can I actually force them?
How can I check it in my Handler?
Can anybody please show me how to do this with WSS4J?
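
One way to enforce the "MUST BE" token shape on the server, as an added example that is not part of the original question and does not use WSS4J's own API: a plain JAX-WS `SOAPHandler` that inspects the inbound header with DOM calls. The class name `DerivedKeyOnlyHandler` is hypothetical, and the `javax.*` (JAX-WS 2.x) package names are an assumption about the stack.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example (hypothetical class): rejects any inbound request whose
// UsernameToken carries a Password or lacks Salt/Iteration.
public class DerivedKeyOnlyHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSSE11 =
        "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        // Only inbound requests are checked; responses pass through.
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            if (header == null) throw new ProtocolException("missing SOAP header");
            NodeList tokens = header.getElementsByTagNameNS(WSSE, "UsernameToken");
            if (tokens.getLength() != 1)
                throw new ProtocolException("expected exactly one UsernameToken");
            Element token = (Element) tokens.item(0);
            // The "NOT ALLOWED" form: any wsse:Password child fails the request.
            if (count(token, WSSE, "Password") != 0)
                throw new ProtocolException("Password not allowed in UsernameToken");
            // The "MUST BE" form: exactly one wsse11:Salt and one wsse11:Iteration.
            if (count(token, WSSE11, "Salt") != 1 || count(token, WSSE11, "Iteration") != 1)
                throw new ProtocolException("UsernameToken must carry Salt and Iteration");
            return true;
        } catch (SOAPException e) {
            throw new ProtocolException("cannot read SOAP header", e);
        }
    }

    private static int count(Element parent, String ns, String local) {
        return parent.getElementsByTagNameNS(ns, local).getLength();
    }

    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.emptySet(); }
}
```

This checks only the shape of the token; the signature or MAC computed from the derived key still has to be verified by the WS-Security layer, otherwise a client could send Salt and Iteration without ever proving knowledge of the password.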