[ https://jira.jboss.org/browse/JBWS-3143?page=com.atlassian.jira.plugin.sy... ] Willem Salembier updated JBWS-3143: ----------------------------------- Description: The JAAS authentication does not work when using embedded WS-SecurityPolicies (was: 1. Create a web service with an embedded SecurityPolicy https + usernametoken. 2. Configure JAAS authentication as explained here: http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#Authentication_... Because org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor inherits from WSS4JInInterceptor and sets the SECURITY_PROCESSED attribute, the checks in the PolicyBasedWSS4JInInterceptor are skipped. Result is a lot of policy failures. These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedSupportingTokens {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken) Steps to Reproduce: 1. Create a web service with an embedded SecurityPolicy https + usernametoken. 2. Configure JAAS authentication as explained here: http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#Authentication_... Because org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor inherits from WSS4JInInterceptor and sets the SECURITY_PROCESSED attribute, the checks in the PolicyBasedWSS4JInInterceptor are skipped. Result is a lot of policy failures. These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedSupportingTokens {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/browse/JBWS-3143?page=com.atlassian.jira.plugin.sy... ] Sergey Beryozkin commented on JBWS-3143: ---------------------------------------- Fix is available on CXF 2.4.0-SNAPSHOT trunk and is now being reviewed. Eventually it will make it into CXF 2.3.1 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira