10:11 a.m.
war-security does not work for EBWS.
------------------------------------
Key: JBESB-3165
URL: https://jira.jboss.org/jira/browse/JBESB-3165
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta, Security, Web Services
Affects Versions: 4.7
Reporter: Daniel Bevenius
Fix For: 4.7 CP2
In EsbWebServiceDeployer only gateways in jboss-esb.xml are considered and services
configured with EBWS are not in the deploy method:
webModel.setAuthDomain(esbMetaData.getModel().getAuthDomain());
webModel.setAuthMethod(esbMetaData.getModel().getAuthMethod());
ModelUtil.updateWebModel(ModelUtil.getListenerGroups(esbMetaData.getModel()), webModel);
The getListenerGroups method only looks for gateways and an EBWS is not considered to be
one. So there will be no security constraints for the url to the EBWS.
This is just from a quick look into the code base here and I need to look into this more
closely.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:31 a.m.
New subject: [JBoss JIRA] Commented: (JBESB-3165) war-security does not work for EBWS.
[
https://jira.jboss.org/jira/browse/JBESB-3165?page=com.atlassian.jira.plu...
]
Daniel Bevenius commented on JBESB-3165:
----------------------------------------
Support for container level authentication for EBWS is currently not implemented. For this
we need to decide where the additional configuration information should go in the config.
The configuration properties I'm talking about here are
PROTECTED_METHODS,
TRANSPORT_GUARANTEE
ALLOWED_ROLES
Since these configuration properties belong to EBWS we might want to add it to either the
schema or as properties on the actions element, or perhaps to the global war-security
section and reference it using an id.
The deployer knows about the urlpattern and the auth method and auth domain are in the
global war security element.
war-security does not work for EBWS.
------------------------------------
Key: JBESB-3165
URL: https://jira.jboss.org/jira/browse/JBESB-3165
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta, Security, Web Services
Affects Versions: 4.7
Reporter: Daniel Bevenius
Fix For: 4.7 CP2
In EsbWebServiceDeployer only gateways in jboss-esb.xml are considered and services
configured with EBWS are not in the deploy method:
webModel.setAuthDomain(esbMetaData.getModel().getAuthDomain());
webModel.setAuthMethod(esbMetaData.getModel().getAuthMethod());
ModelUtil.updateWebModel(ModelUtil.getListenerGroups(esbMetaData.getModel()), webModel);
The getListenerGroups method only looks for gateways and an EBWS is not considered to be
one. So there will be no security constraints for the url to the EBWS.
This is just from a quick look into the code base here and I need to look into this more
closely.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:54 a.m.
New subject: [JBoss JIRA] Updated: (JBESB-3165) war-security does not work for EBWS.
[
https://jira.jboss.org/jira/browse/JBESB-3165?page=com.atlassian.jira.plu...
]
Kevin Conner updated JBESB-3165:
--------------------------------
Fix Version/s: 4.7 CP3
(was: 4.7 CP2)
war-security does not work for EBWS.
------------------------------------
Key: JBESB-3165
URL: https://jira.jboss.org/jira/browse/JBESB-3165
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta, Security, Web Services
Affects Versions: 4.7
Reporter: Daniel Bevenius
Fix For: 4.7 CP3
In EsbWebServiceDeployer only gateways in jboss-esb.xml are considered and services
configured with EBWS are not in the deploy method:
webModel.setAuthDomain(esbMetaData.getModel().getAuthDomain());
webModel.setAuthMethod(esbMetaData.getModel().getAuthMethod());
ModelUtil.updateWebModel(ModelUtil.getListenerGroups(esbMetaData.getModel()), webModel);
The getListenerGroups method only looks for gateways and an EBWS is not considered to be
one. So there will be no security constraints for the url to the EBWS.
This is just from a quick look into the code base here and I need to look into this more
closely.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5319
days inactive
5411
days old
2 comments
2 participants
participants (2)
-
Daniel Bevenius (JIRA) -
Kevin Conner (JIRA)