[
https://jira.jboss.org/browse/JBESB-3022?page=com.atlassian.jira.plugin.s...
]
Keith Babo commented on JBESB-3022:
-----------------------------------
Running with Kevin's suggestion here. I have updated your project to include a
RemoveAuthHeader action in the action chain that demonstrates how existing HTTP auth
information can be removed. I tested this with your scenario where source and target have
same auth configuration but the HttpClient configuration specifies incorrect credentials
as an override. This fails as expected with the RemoveAuthHeader action in the chain. I
then tested a scenario where the source and target have different auth configuration and
used the HttpClient configuration to specify the different user/pass for the target web
service. This passed as expected with the RemoveAuthHeader action in the chain.
See attachment (wsp_diffauth2.zip).
It is not possible to use different credentials on the input of the
service and on the SOAPProxy that invokes the proxied service
---------------------------------------------------------------------------------------------------------------------------------
Key: JBESB-3022
URL:
https://jira.jboss.org/browse/JBESB-3022
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Web Services
Affects Versions: 4.7
Reporter: Jiri Pechanec
Attachments: soapproxy-diffauth.zip
There is a use case - I have a secured ESB service using HTTPS/BASIC auth invoking
invoking secured HTTPS/BASIC auth web service via SOAPProxy. If the credentials are passed
from the client then everything works correctly. But if I have different credentials
required for ESB client and different credentials are required by proxied Web Service then
I use property <property name="clientCredentialsRequired"
value="false" /> to set static credentials for proxied web service.
This property works correctly if the ESB service is unsecured. Unfortunately if it is
secured then probably the credentials stored in HTTP header stored in ESB message
overwrites the static credentials set by the SOAPProxy action.
The attached example is modified webservice_proxy_secure QS and has static credentials
set to wrong values - so proxied web service should not be invoked. But if ant runtest is
executed then the wrong credentials are not used.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira