12:08 p.m.
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
getting the principal subject from client certificate or even the whole client certificate
on web service level when WS-Security is provided with CLIENT-CERT authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:52 p.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Alessio Soldano updated JBWS-1907:
----------------------------------
Component/s: ws-security
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:20 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Thomas Diesler updated JBWS-1907:
---------------------------------
Fix Version/s: jbossws-native-2.0.4
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Fix For: jbossws-native-2.0.4
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:38 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Alessio Soldano updated JBWS-1907:
----------------------------------
Fix Version/s: jbossws-3.x
(was: jbossws-native-2.0.4)
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Fix For: jbossws-3.x
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:58 p.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Rodolfo Botto updated JBWS-1907:
--------------------------------
Attachment: patch_certificates.txt
We need the feature of knowing which certificate was used for each service requested, so
we do changes to publish a list of client Certificates used for signature and encryption
in MessageContext. They are published as a Set in MessageContext with name
JBOSS_WSSE_X509_CERTIFICATES
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Fix For: jbossws-3.x
Attachments: patch_certificates.txt
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:42 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Thomas Diesler updated JBWS-1907:
---------------------------------
Fix Version/s: jbossws-native-2.0.5
(was: jbossws-3.x)
Possible patch attached
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Fix For: jbossws-native-2.0.5
Attachments: patch_certificates.txt
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:50 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Thomas Diesler updated JBWS-1907:
---------------------------------
Fix Version/s: jbossws-3.x
(was: jbossws-native-2.0.5)
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Fix For: jbossws-3.x
Attachments: patch_certificates.txt
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:24 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Thomas Diesler updated JBWS-1907:
---------------------------------
Fix Version/s: jbossws-native-2.0.5
(was: jbossws-native)
Assignee: Alessio Soldano
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Assigned To: Alessio Soldano
Fix For: jbossws-native-2.0.5
Attachments: patch_certificates.txt
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:28 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Thomas Diesler updated JBWS-1907:
---------------------------------
Fix Version/s: jbossws-3.0.2
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Assigned To: Alessio Soldano
Fix For: jbossws-native-2.0.5, jbossws-3.0.2
Attachments: patch_certificates.txt
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:45 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Thomas Diesler updated JBWS-1907:
---------------------------------
Fix Version/s: (was: jbossws-3.0.2)
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Assigned To: Alessio Soldano
Fix For: jbossws-native-2.0.5
Attachments: patch_certificates.txt
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:20 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=all ]
Alessio Soldano updated JBWS-1907:
----------------------------------
Original Estimate: 1 day
Remaining Estimate: 1 day
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Assigned To: Alessio Soldano
Fix For: jbossws-native-3.0.2
Attachments: patch_certificates.txt
Original Estimate: 1 day
Remaining Estimate: 1 day
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:50 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-1907) authorization based on certificate used for wsse signature
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=comments#action_12414251 ]
Alessio Soldano commented on JBWS-1907:
---------------------------------------
The test org.jboss.test.ws.jaxws.jbws2116.CertAuthTestCase provides an example of
certificate authentication. This has been achieved in a more standard way that what was
proposed in the attached fix, since we now have JAAS integration for certificate auth too;
thus having a list of certificates in the context for hand-made processing shouldn't
be required.
I suggest Artur Lipski to take a look at the implementation and the sample and perhaps
comment here. User documentation on the wiki will be available in few days.
authorization based on certificate used for wsse signature
----------------------------------------------------------
Key: JBWS-1907
URL: http://jira.jboss.com/jira/browse/JBWS-1907
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.1.SP2
Environment: Windows XP SP2, JBoss 2.1.0 GA
Reporter: Artur Lipski
Assigned To: Alessio Soldano
Fix For: jbossws-native-3.0.2
Attachments: patch_certificates.txt
Original Estimate: 1 day
Remaining Estimate: 1 day
getting the principal subject from client certificate or even the whole client
certificate on web service level when WS-Security is provided with CLIENT-CERT
authentication.
Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6076
days inactive
6271
days old
jbossws-issues@lists.jboss.org
11 comments
4 participants
participants (4)
-
Alessio Soldano (JIRA) -
Artur Lipski (JIRA)
-
Rodolfo Botto (JIRA)
-
Thomas Diesler (JIRA)