[JBoss JIRA] Created: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[JBoss JIRA] Created: (JBESB-2865)...

[JBoss JIRA] Created: (JBESB-2628)...

Ben Hahn (JIRA)

Wednesday, 6 May 2009 Wed, 6 May '09

11:42 a.m.

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Show replies by date

Kevin Conner (JIRA)

Friday, 8 May Fri, 8 May

10:42 a.m.

New subject: [JBoss JIRA] Updated: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Kevin Conner updated JBESB-2552: -------------------------------- Fix Version/s: 4.6

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.6 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Tom Fennelly (JIRA)

Monday, 29 June Mon, 29 Jun

7:06 a.m.

New subject: [JBoss JIRA] Assigned: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Tom Fennelly reassigned JBESB-2552: ----------------------------------- Assignee: Tom Fennelly

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Tom Fennelly Fix For: 4.6 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Tom Fennelly (JIRA)

7:06 a.m.

New subject: [JBoss JIRA] Work started: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Work on JBESB-2552 started by Tom Fennelly.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Tom Fennelly Fix For: 4.6 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Kevin Conner (JIRA)

8:03 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Kevin Conner commented on JBESB-2552: ------------------------------------- This needs to be done through JBossWS.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Tom Fennelly Fix For: 4.6 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Tom Fennelly (JIRA)

8:20 a.m.

New subject: [JBoss JIRA] Assigned: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Tom Fennelly reassigned JBESB-2552: ----------------------------------- Assignee: (was: Tom Fennelly)

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.6 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Tom Fennelly (JIRA)

8:20 a.m.

New subject: [JBoss JIRA] Work stopped: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Work on JBESB-2552 stopped by Tom Fennelly.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Tom Fennelly Fix For: 4.6 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Kevin Conner (JIRA)

Monday, 6 July Mon, 6 Jul

4:37 a.m.

New subject: [JBoss JIRA] Updated: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Kevin Conner updated JBESB-2552: -------------------------------- Fix Version/s: 4.7 (was: 4.6)

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Jeff DeLong (JIRA)

Wednesday, 26 August Wed, 26 Aug

12:49 p.m.

New subject: [JBoss JIRA] Commented: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Jeff DeLong commented on JBESB-2552: ------------------------------------ Exactly what needs to be done through JBossWS? The authentication? Or the population of the ESB Message Context?

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Tom Fennelly (JIRA)

1:46 p.m.

New subject: [JBoss JIRA] Commented: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Tom Fennelly commented on JBESB-2552: ------------------------------------- I'd guess that what Kev is saying is that the security should be done within the servlet container using standard servlet role-based security, targetting the JBossWS endpoint address i.e. the container should be managing it Vs us writing custom code inside the EBWS servlet impl itself .

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Tom Fennelly (JIRA)

1:49 p.m.

New subject: [JBoss JIRA] Commented: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Tom Fennelly commented on JBESB-2552: ------------------------------------- That said.. I suspect there'd still need to be some code in the EBWS servlet to create and attach the ESB security specific bit to the message before firing it from the ServiceInvoker.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Kevin Conner (JIRA)

Sunday, 30 August Sun, 30 Aug

11:58 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Kevin Conner commented on JBESB-2552: ------------------------------------- Yes, Tom is spot on.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Daniel Bevenius (JIRA)

Thursday, 3 September Thu, 3 Sep

3:26 a.m.

New subject: [JBoss JIRA] Assigned: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Daniel Bevenius reassigned JBESB-2552: -------------------------------------- Assignee: Daniel Bevenius

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Daniel Bevenius Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Daniel Bevenius (JIRA)

Monday, 28 September Mon, 28 Sep

5:53 a.m.

New subject: [JBoss JIRA] Work started: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Work on JBESB-2552 started by Daniel Bevenius.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Daniel Bevenius Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Daniel Bevenius (JIRA)

Wednesday, 30 September Wed, 30 Sep

1:03 a.m.

New subject: [JBoss JIRA] Updated: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Daniel Bevenius updated JBESB-2552: ----------------------------------- JBoss Forum Reference: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4257738#...

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Daniel Bevenius Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

Daniel Bevenius (JIRA)

Thursday, 1 October Thu, 1 Oct

6:29 a.m.

New subject: [JBoss JIRA] Closed: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.

[ https://jira.jboss.org/jira/browse/JBESB-2552?page=com.atlassian.jira.plu... ] Daniel Bevenius closed JBESB-2552. ---------------------------------- Resolution: Done Committed with revision 29519.

...

Web service publishing support for ESB services ignores WS-Security. --------------------------------------------------------------------- Key: JBESB-2552 URL: https://jira.jboss.org/jira/browse/JBESB-2552 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta Affects Versions: 4.5 Reporter: Ben Hahn Assignee: Daniel Bevenius Fix For: 4.7 Need support for WS-Security much like what the JBR Http gateway listener does. Looking at org.jboss.internal.soa.esb.webservice.BaseWebService class, it does not extract the WS-Security information from the SOAP Header to populate the AuthenticationRequest on the ESB Message Context. Any secured ESB service published as web services will get an Authentication Request missing error even though the SOAP message contains WS-Security tokens on the message header.

5536

days inactive

5684

days old

esb-issues@lists.jboss.org

Manage subscription

15 comments

5 participants

tags (0)

participants (5)

Ben Hahn (JIRA)
Daniel Bevenius (JIRA)
Jeff DeLong (JIRA)
Kevin Conner (JIRA)
Tom Fennelly (JIRA)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[JBoss JIRA] Created: (JBESB-2552) Web service publishing support for ESB services ignores WS-Security.