
Administration Console Online Help


Use a password digest in SOAP messages

Before you begin

You must first create the Web Service security configuration that is associated with a Web Service before you can configure specific features.

See Create a Web Service security configuration for details about creating a security configuration.


By default, the WebLogic Web Services security runtime uses cleartext passwords, rather than the password digest, in the SOAP messages that result from invoking a message-secured Web Service. The following procedure shows how to change this default behavior so that the SOAP messages use the password digest instead.

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane of the Administration Console, select your domain. This is the top-level node of the navigation tree.
  3. In the right pane, select Web Service Security.
  4. In the table, click the name of the Web Service security configuration you want to update.

    The default configuration is called default_wss; updating this configuration updates the security behavior of all Web Services that are associated with this default configuration.

  5. If you are not already there, select Credential Provider.
  6. Click New.
  7. Enter the following values:
    • Name: A name for your credential provider. This can be anything you want.
    • Class Name: Enter the following exact value: weblogic.xml.crypto.wss.UNTCredentialProvider.
    • Token Type: Enter the following exact value: ut.
  8. Click Finish.
  9. In the Credential Providers table, click the name of the credential provider you just created.
  10. At the bottom of the page in the Credential Provider Properties table, click New.
  11. Enter the following values:
    • Name: Enter the following exact value: UsePasswordDigest.
    • Value: Enter the following exact value: true.

    Leave the Is Encrypted checkbox unchecked.

  12. Click OK.
  13. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

If you specify that SOAP messages use the password digest rather than the cleartext password, you must also change the default behavior of the core security runtime so that it stores cleartext passwords rather than the digest. If the core security runtime has already stored password digests for existing users, you must recreate these users so that their cleartext password, and not their digest, is stored in the password database.
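To show why the stored password must be available as cleartext, the following added example (not part of the original help page and not WebLogic code) implements both sides of the digest defined by the OASIS WS-Security UsernameToken Profile, Base64(SHA-1(nonce + created + password)). The function names, the five-minute freshness window, the nonce cache and all sample values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), the profile's Password_Digest."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def build_token(username: str, password: str, nonce: bytes, created: str) -> dict:
    """Client side: the fields a UsernameToken carries in digest mode."""
    return {"username": username,
            "nonce": base64.b64encode(nonce).decode("ascii"),
            "created": created,
            "digest": password_digest(nonce, created, password)}

def verify_token(token: dict, stored_secrets: dict, seen_nonces: set,
                 now: datetime, max_age: timedelta = timedelta(minutes=5)) -> bool:
    """Server side: accept only a fresh, unreplayed token whose digest matches."""
    secret = stored_secrets.get(token["username"])
    if secret is None:
        return False
    try:
        created = datetime.strptime(token["created"], "%Y-%m-%dT%H:%M:%SZ")
        nonce = base64.b64decode(token["nonce"], validate=True)
    except ValueError:
        return False  # malformed Created or Nonce value
    if abs(now - created.replace(tzinfo=timezone.utc)) > max_age:
        return False  # stale or future-dated Created value
    # The digest can only be recomputed from the same secret the client used.
    expected = password_digest(nonce, token["created"], secret)
    if not hmac.compare_digest(expected.encode(), token["digest"].encode()):
        return False
    replay_key = (token["username"], token["nonce"])
    if replay_key in seen_nonces:
        return False  # same nonce presented twice within the window
    seen_nonces.add(replay_key)
    return True

# Constructed sample values, not taken from any real deployment.
NONCE = bytes(range(16))
CREATED = "2024-01-01T12:00:00Z"
NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
TOKEN = build_token("alice", "s3cret-example", NONCE, CREATED)
CLEARTEXT_STORE = {"alice": "s3cret-example"}
HASHED_STORE = {"alice": hashlib.sha256(b"s3cret-example").hexdigest()}
```

Verifying `TOKEN` against `CLEARTEXT_STORE` succeeds once and fails on replay, while `HASHED_STORE` can never produce a matching digest because the server no longer holds the value the client hashed.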

You must redeploy any Web Service which is associated with this security configuration for the security changes to take effect.

 
