"alessio.soldano(a)jboss.com" wrote : I did a bit of tests and investigation..
|
| "mageshbk(a)jboss.com" wrote : The Username token sent in the SOAP Message is
the one used by the endpoint server/stack to authenticate the user who is performing this
request. This is called MessageLevel Security as defined by UsernameToken profile. If you
see, Servlet endpoints can be configured with only basic or digest as per the specs of
their deployment model. So setting AUTH_TYPE_WSSE is not and will not be applicable to the
servlet deployment model unless you write your own customized implementation for it.
|
| mikaeljl, in other words this means you can easily and successfully use the wsse
username token profile without basic authentication through EJB3 endpoints.
| I did it this way:
|
| | @WebService(
| | wsdlLocation = "META-INF/wsdl/WsSecurity10.wsdl",
| | serviceName = "PingService10",
| | name = "IPingService",
| | targetNamespace = "http://InteropBaseAddress/interop",
| | endpointInterface = "org.jboss.test.ws.interop.nov2007.wsse.IPingService",
| | portName = "UserNameOverTransport_IPingService")
| | @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| | @Stateless
| | @SecurityDomain("JBossWS")
| | @WebContext(contextRoot="/nov2007/wsseUsernameTokenHTTPS", urlPattern="/endpoint")
| | public class UsernameTokenHTTPSTestService extends TestService implements IPingService {
| | ...
| | }
| |
| Please note, no authMethod and transportGuarantee in the @WebContext.
|
| On the client side:
|
| | ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
| | ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
| | ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
| |
| This prevents the stack from using the basic auth and sets the user/pwd in the context
so that they can be put in the Username token. The principal is set and can be retrieved.
Using the wrong user/pwd couple causes an authentication failure due to a
javax.ejb.EJBAccessException.
| Of course you need to set client wsse config the right way:
|
| | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| |   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| |   xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| | <config>
| | <username/>
| | <timestamp ttl="300"/>
| | </config>
| | </jboss-ws-security>
| |
Btw I've just added a use case test for the JBWS-1991 issue; it basically uses the
above-described solution.
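
Added example, not part of the original post and not JBossWS code: a stand-alone Java check of the two header elements the client configuration above asks for, a WS-Security `UsernameToken` and a `Timestamp` bounded by the 300-second ttl. The class and method names, the 60-second clock-skew allowance and the `overTls` flag are assumptions made for illustration, and the sample message is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class WsseHeaderCheck {
    static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    static final String WSSE = OASIS + "wssecurity-secext-1.0.xsd";
    static final String WSU = OASIS + "wssecurity-utility-1.0.xsd";
    static final String DIGEST = OASIS + "username-token-profile-1.0#PasswordDigest";
    static final Duration MAX_TTL = Duration.ofSeconds(300); // same bound as <timestamp ttl="300"/>

    // Exactly one element with this name below root, or null (missing or duplicated).
    static Element one(Element root, String ns, String name) {
        NodeList n = root.getElementsByTagNameNS(ns, name);
        return n.getLength() == 1 ? (Element) n.item(0) : null;
    }

    // Returns null if the header is acceptable, otherwise the reason it is rejected.
    static String check(String soap, Instant now, boolean overTls) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs (XXE)
        Element root = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        Element ts = one(root, WSU, "Timestamp"), ut = one(root, WSSE, "UsernameToken");
        if (ts == null || ut == null) return "need exactly one Timestamp and one UsernameToken";
        Element c = one(ts, WSU, "Created"), e = one(ts, WSU, "Expires"), pw = one(ut, WSSE, "Password");
        if (c == null || e == null || pw == null) return "Created, Expires or Password missing";
        Instant created = Instant.parse(c.getTextContent().trim());
        Instant expires = Instant.parse(e.getTextContent().trim());
        if (created.isAfter(now.plusSeconds(60))) return "Created is in the future"; // assumed skew
        if (!now.isBefore(expires)) return "message expired";
        if (Duration.between(created, expires).compareTo(MAX_TTL) > 0) return "lifetime exceeds ttl";
        // A Password without Type, or with #PasswordText, carries the cleartext password.
        if (!DIGEST.equals(pw.getAttribute("Type")) && !overTls) return "cleartext password without TLS";
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: only the security header elements, without a real SOAP body.
        String soap = "<Envelope><Security xmlns='" + WSSE + "' xmlns:u='" + WSU + "'><u:Timestamp>"
            + "<u:Created>2008-02-25T10:00:00Z</u:Created><u:Expires>2008-02-25T10:05:00Z</u:Expires>"
            + "</u:Timestamp><UsernameToken><Username>kermit</Username><Password>thefrog</Password>"
            + "</UsernameToken></Security></Envelope>";
        Instant t = Instant.parse("2008-02-25T10:01:00Z");
        System.out.println(check(soap, t, true));                  // fresh message over HTTPS
        System.out.println(check(soap, t, false));                 // same message over plain HTTP
        System.out.println(check(soap, t.plusSeconds(600), true)); // replayed ten minutes later
    }
}
```

The timestamp only narrows the replay window; a text-type password in the token is readable by anyone on the path unless the transport is encrypted, which is why the check takes the transport into account.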