[jboss-user] [JBossWS] - WSSE UsernameToken without HTTP basic auth?

mikaeljl do-not-reply at jboss.com
Mon Jan 14 05:59:46 EST 2008 

Hi!
I've managed to implement a web service + a client that authenticates with WSSE UsernameToken.

My problem is that the client side is always including the HTTP Authorization header.
Something like:
Authorization: Basic a2VybWl0OnRoZWZyb2c=

Note, the WSSE data in the SOAP header is also included and looking ok.

How can I keep the client from including the http basic authentication data and only include wsse data? Is this possible? What am I missing?

My client is configured with
<config>
  |  <username/>
  |  </config>

I do the following in the client code:
URL securityURL = new File("resources/jboss-wsse-client.xml").toURI().toURL(); 
  | ((StubExt)myServiceStub).setSecurityConfig(securityURL.toExternalForm());
  | ((StubExt)myServiceStub).setConfigName("Standard WSSecurity Client");
  | Map<String, Object> reqContext = bp.getRequestContext();
  | reqContext.put(BindingProvider.USERNAME_PROPERTY, "kermit");
  | reqContext.put(BindingProvider.PASSWORD_PROPERTY, "thefrog");

I guess that the client libraries will pick up the properties set on the request ctx and therefore assume that basic auth should be applied?
Is there a way supply the username/pwd info to the WSSecurityDispatcher without having the client libraries adding http auth?

I do get everything to work if I add the following to  web.xml on the server side
<login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>JBossWS</realm-name>
  |    </login-config>
but I would really like to only use wsse and not http basic authentication.

The following in org/jboss/ws/core/client/RemotingConnectionImpl.java may be what is causing the problem together with implementation of the createRemotingMetaData method:
static
  |    {
  |       metadataMap.put(Stub.USERNAME_PROPERTY, "http.basic.username");
  |       metadataMap.put(Stub.PASSWORD_PROPERTY, "http.basic.password");
  |       metadataMap.put(BindingProvider.USERNAME_PROPERTY, "http.basic.username");
  |       metadataMap.put(BindingProvider.PASSWORD_PROPERTY, "http.basic.password");
  |    }

I'm currently using jbossws 2.0.1.GA

/Mikael

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4119564#4119564

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4119564

More information about the jboss-user mailing list