Before you begin
You must first create the Web Service security configuration that is associated with a Web Service before you can configure specific features.
See Create a Web Service security configuration for details about creating a security configuration.
By default, the WebLogic Web Services security runtime uses cleartext passwords, rather than the password digest, in the SOAP messages from an invoke of a message-secured Web Service. The password digest is a cyptographic hash of the password and timestamp.The following procedure shows how to change this default behavior so that the SOAP messages use the password digest instead.
Caution: This task applies only to JAX-RPC 1.1 Web Services, and not to JAX-WS 2.0 Web Services.
The default configuration is called
updating this configuration updates security behavior of all Web
Services that are associated with this default configuration.
Leave the Is Encrypted checkbox unchecked.
After you finish
If you specify that SOAP messages use the password digest, rather than the cleartext password, then you must also change the default behavior of the core security runtime to enable password digest. You do this by ensuring that the Enable Password Digests checkbox of the Default Authenticator is checked. See Configure Authentication and Identity Assertion providers.
Additionally, if the core security runtime has already stored the password digests (rather than cleartext passwords) for already-created users, you must recreate these users so that their cleartext password, and not their digest, is stored in the password database.
You must redeploy any Web Service which is associated with this security configuration for the security changes to take effect.