Before you begin
You must first create the Web Service security configuration that is associated with a Web Service before you can configure specific features.
See Create a Web Service security configuration for details about creating a security configuration.
By default, the WebLogic Web Services security runtime uses cleartext passwords, rather than the password digest, in the SOAP messages from an invoke of a message-secured Web Service. The following procedure shows how to change this default behavior so that the SOAP messages use the password digest instead.
The default configuration is called default_wss
;
updating this configuration updates security behavior of all Web
Services that are associated with this default configuration.
weblogic.xml.crypto.wss.UNTCredentialProvider
.ut
.UsePasswordDigest
.true
.Leave the Is Encrypted checkbox unchecked.
After you finish
If you specify that SOAP messages use the password digest, rather than the cleartext password, then you must also change the default behavior of the core security runtime to now store cleartext passwords rather than the digest. This also means that if the core security runtime has already stored the password digests for already-created users, you must recreate these users so that their cleartext password, and not their digest, is stored in the password database.
You must redeploy any Web Service which is associated with this security configuration for the security changes to take effect.