[esb-issues] [JBoss JIRA] Commented: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.
[
https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu...
]
Tom Fennelly commented on JBESB-2552:
-------------------------------------
That said.. I suspect there'd still need to be some code in the EBWS servlet to create
and attach the ESB security specific bit to the message before firing it from the
ServiceInvoker.
Web service publishing support for ESB services ignores WS-Security.
---------------------------------------------------------------------
Key: JBESB-2552
URL: https://jira.jboss.org/jira/browse/JBESB-2552
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.5
Reporter: Ben Hahn
Fix For: 4.7
Need support for WS-Security much like what the JBR Http gateway listener does. Looking
at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the
WS-Security information from the SOAP Header to populate the AuthenticationRequest on the
ESB Message Context. Any secured ESB service published as web services will get an
Authentication Request missing error even though the SOAP message contains WS-Security
tokens on the message header.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira