[jbossws-issues] [JBoss JIRA] Updated: (JBWS-1991) ReceiveUsernameToken doesn't process authentication
Thomas Diesler (JIRA)
jira-events at lists.jboss.org
Mon Feb 18 03:16:26 EST 2008
[ http://jira.jboss.com/jira/browse/JBWS-1991?page=all ]
Thomas Diesler updated JBWS-1991:
---------------------------------
Fix Version/s: jbossws-native-2.0.4
Priority: Major (was: Critical)
Alesio
> ReceiveUsernameToken doesn't process authentication
> ---------------------------------------------------
>
> Key: JBWS-1991
> URL: http://jira.jboss.com/jira/browse/JBWS-1991
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: jbossws-native-2.0.3
> Reporter: seboonet
> Fix For: jbossws-native-2.0.4
>
>
> ReceiveUsernameToken (via SecurityAdaptorImpl) delegate setting of username/password directly to SecurityAssociation, without invoking authentication by JaasSecurityManagerService. I didn't use HttpBasic auth, only soap security header.
> Example header:
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
> <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
> <wsse:Password>some_credentials</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list