[esb-issues] [JBoss JIRA] Updated: (JBESB-3022) It is not possible to use different credentials on the input of the service and on the SOAPProxy that invokes the proxied service

Keith Babo (JIRA) jira-events at lists.jboss.org
Fri Oct 29 13:53:54 EDT 2010 

     [ https://jira.jboss.org/browse/JBESB-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Babo updated JBESB-3022:
------------------------------

    Attachment: wsp_diffauth2.zip


Updated qs project with RemoveAuthHeader action.

> It is not possible to use different credentials on the input of the service and on the SOAPProxy that invokes the proxied service
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBESB-3022
>                 URL: https://jira.jboss.org/browse/JBESB-3022
>             Project: JBoss ESB
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web Services
>    Affects Versions: 4.7
>            Reporter: Jiri Pechanec
>         Attachments: soapproxy-diffauth.zip, wsp_diffauth2.zip
>
>
> There is a use case - I have a secured ESB service using HTTPS/BASIC auth invoking invoking secured HTTPS/BASIC auth web service via SOAPProxy. If the credentials are passed from the client then everything works correctly. But if I have different credentials required for ESB client and different credentials are required by proxied Web Service then I use property <property name="clientCredentialsRequired" value="false" /> to set static credentials for proxied web service.
> This property works correctly if the ESB service is unsecured. Unfortunately if it is secured then probably the credentials stored in HTTP header stored in ESB message overwrites the static credentials set by the SOAPProxy action.
> The attached example is modified webservice_proxy_secure QS and has static credentials set to wrong values - so proxied web service should not be invoked. But if ant runtest is executed then the wrong credentials are not used.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the esb-issues mailing list