David Ward closed JBESB-2759.
-----------------------------
Resolution: Done
Committed revision 28581.
SOAPProxy should propagate Basic Auth information to and from proxied
web service
---------------------------------------------------------------------------------
Key: JBESB-2759
URL: https://jira.jboss.org/jira/browse/JBESB-2759
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security, Web Services
Affects Versions: 4.6
Reporter: David Ward
Assignee: David Ward
Priority: Critical
Fix For: 4.7
1) Currently, HttpSOAPProxyTransport has a default MappedHeaderList of "SOAPAction,
Content-Type, Accept". These get pulled from the ESB Message (because they
originally came in as HttpRequest headers) and propagated to the new request that gets
sent to the actual external endpoint. "Authorization" should be added to this
list so Basic Auth security still works.
The fix should be easy, basically changing this line:
setAttribute(cloned_config, "MappedHeaderList", "SOAPAction, Content-Type, Accept");
to this:
setAttribute(cloned_config, "MappedHeaderList", "SOAPAction, Content-Type, Accept, Authorization");
in HttpSOAPProxyTransport.java. That way people don't need to even think about
configuring it. It just gets propagated if it's already in the incoming request.
As far as response headers coming back from the external endpoint, that has been resolved
in JBESB-2511. So this would already come back:
WWW-Authenticate: Basic realm="Secure Area"
2) Both JBossRemotingGatewayListener and HttpGatewayListener should return the response
code as well, which for this would be:
HTTP/1.0 401 Authorization Required
If I recall correctly, HttpGatewayListener does return them, but
JBossRemotingGatewayListener doesn't. I think. Would have to go back and check.
--
This message is automatically generated by JIRA.
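The header propagation described in item 1, as an added example that is not part of the original message and is not JBoss ESB code: it filters a constructed incoming request through the old and the new MappedHeaderList value. The class and method names are hypothetical, and case-insensitive matching of header names is an assumption about how the list is applied.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added illustration; not JBoss ESB code. All names here are hypothetical.
public class MappedHeaderDemo {

    // Parse a comma-separated value such as MappedHeaderList into a
    // case-insensitive set (HTTP header names are case-insensitive).
    static Set<String> parseList(String csv) {
        Set<String> names = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (String n : csv.split(",")) {
            if (!n.trim().isEmpty()) names.add(n.trim());
        }
        return names;
    }

    // Copy only the listed headers from the incoming request to the proxied one.
    static Map<String, String> propagate(Map<String, String> incoming, Set<String> mapped) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : incoming.entrySet()) {
            if (mapped.contains(e.getKey())) out.put(e.getKey(), e.getValue());
        }
        return out;
    }

    // Mask credentials before a header map is written to a log.
    static Map<String, String> redactForLog(Map<String, String> headers) {
        Map<String, String> safe = new LinkedHashMap<>(headers);
        safe.replaceAll((k, v) -> k.equalsIgnoreCase("Authorization") ? "<redacted>" : v);
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample request; "user:secret" is a made-up credential.
        String cred = Base64.getEncoder()
                .encodeToString("user:secret".getBytes(StandardCharsets.UTF_8));
        Map<String, String> incoming = new LinkedHashMap<>();
        incoming.put("SOAPAction", "\"urn:example:echo\"");
        incoming.put("Content-Type", "text/xml; charset=utf-8");
        incoming.put("authorization", "Basic " + cred);   // lower-case on purpose
        incoming.put("Cookie", "JSESSIONID=constructed"); // unlisted, never forwarded

        String before = "SOAPAction, Content-Type, Accept";
        String after = "SOAPAction, Content-Type, Accept, Authorization";
        for (String list : new String[] { before, after }) {
            Map<String, String> out = propagate(incoming, parseList(list));
            System.out.println(list + " -> " + redactForLog(out));
        }
    }
}
```

Because Basic credentials are only Base64-encoded, the proxy-to-endpoint leg carries them in recoverable form once Authorization is in the list, so that leg needs TLS just as the client-facing one does.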