[esb-issues] [JBoss JIRA] Created: (JBESB-2759) SOAPProxy should propagate Basic Auth information to proxied web serivce

SOAPProxy should propagate Basic Auth information to proxied web serivce ------------------------------------------------------------------------ Key: JBESB-2759 URL: https://jira.jboss.org/jira/browse/JBESB-2759 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Security, Web Services Affects Versions: 4.6 Reporter: David Ward Assignee: David Ward Priority: Critical Fix For: 4.7 Currently, HttpSOAPProxyTransport has a default MappedHeaderList of "SOAPAction, Content-Type, Accept". These get pulled from the ESB Message (because they originally came in as HttpRequest headers) and propagated to the new request that gets sent to the actual external endpoint. "Authorization" should be added to this list so Basic Auth security still works. The fix should be easy, basically changing this line: setAttribute(cloned_config, "MappedHeaderList", "SOAPAction, Content-Type, Accept"); to this: setAttribute(cloned_config, "MappedHeaderList", "SOAPAction, Content-Type, Accept, Authorization"); in HttpSOAPProxyTransport.java. That way people don't need to even think about configuring it. It just gets propagated if it's already in the incoming request. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira