[JBoss JIRA] (JBESB-3946) SOA-P 5.3.1 needs to support SOAP 1.2 Authentication
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/JBESB-3946?page=com.atlassian.jira.plugin... ]
RH Bugzilla Integration updated JBESB-3946:
-------------------------------------------
Bugzilla Update: Perform
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=991136
> SOA-P 5.3.1 needs to support SOAP 1.2 Authentication
> ----------------------------------------------------
>
> Key: JBESB-3946
> URL: https://issues.jboss.org/…
[View More]browse/JBESB-3946
> Project: JBoss ESB
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web Services
> Affects Versions: 4.11
> Reporter: Tom Cunningham
> Fix For: 4.11 CP3
>
>
> From case :
> We want to use SOAP 1.2 with JBoss ESB, but some of the classes are not compatible implemented.
> In "SoapExtractionUtil" hard coded QNames are used!
> Code snippet:
> public static boolean isStartOfHeader(final XMLEvent event)
> {
> return event.isStartElement() && ((StartElement)event).getName().equals(SOAP_HEADER_QNAME);
> }
> When this is used by the "UsernameTokenExtractor", in the method "extractSecurityInfo" and the security is no longer useable when using SOAP 1.2!!!
> Code snippet:
> public AuthenticationRequest extractSecurityInfo(final String soap)
> throws ExtractionException {
> if (soap == null || !soap.startsWith("<"))
> return null;
> XMLEventReader xmlReader = null;
> User user = null;
> Set<Object> credentials = new HashSet<Object>();
> try {
> xmlReader = XML_INPUT_FACTORY
> .createXMLEventReader(new StringReader(soap));
> while (xmlReader.hasNext()) {
> XMLEvent xmlEvent = xmlReader.nextEvent();
> if (isStartOfHeader(xmlEvent)) {
> We need to support "SOAP 1.2" to communicate with customers.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[View Less]