[jbossws-issues] [JBoss JIRA] Commented: (JBWS-1136) Allow username to be specified in the requires list
[ http://jira.jboss.com/jira/browse/JBWS-1136?page=comments#action_12395725 ]
Alessio Soldano commented on JBWS-1136:
---------------------------------------
Given I agree with you about what you say on POJO endpoints, we could nevertheless do what
the issue title says i.e. allowing a username element in the require list of the wsse
configuration the same way we have for the timestamp, for example. This way we could
reject requests that do not have a Username Token. What do you think about?
Allow username to be specified in the requires list
---------------------------------------------------
Key: JBWS-1136
URL: http://jira.jboss.com/jira/browse/JBWS-1136
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-1.0.1
Reporter: Darran Lofthouse
Fix For: community contributions
Allow username to be specified in the requires list for endpoints so that messages
without the username can be rejected.
At the moment for EJB endpoints they can be configured using standard J2EE security so if
there is no authenticated user the request is rejected, however this can't be done for
the POJO endpoints.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira