]
Alessio Soldano updated JBWS-1991:
----------------------------------
Component/s: ws-security
ReceiveUsernameToken doesn't process authentication
---------------------------------------------------
Key: JBWS-1991
URL:
http://jira.jboss.com/jira/browse/JBWS-1991
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: ws-security, jbossws-native
Affects Versions: jbossws-native-2.0.3
Reporter: seboonet
Fix For: jbossws-native-2.0.4
ReceiveUsernameToken (via SecurityAdaptorImpl) delegate setting of username/password
directly to SecurityAssociation, without invoking authentication by
JaasSecurityManagerService. I didn't use HttpBasic auth, only soap security header.
Example header:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-...
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
<wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
<wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
<wsse:Password>some_credentials</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: