[esb-issues] [JBoss JIRA] Commented: (JBESB-3138) Usename token authentication does not work

Daniel Bevenius (JIRA) jira-events at lists.jboss.org
Wed Jan 20 07:29:47 EST 2010 

    [ https://jira.jboss.org/jira/browse/JBESB-3138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12507176#action_12507176 ] 

Daniel Bevenius commented on JBESB-3138:
----------------------------------------

Can you try specifying the namespace for the version of wsse that you are using in jboss-esb.xml. For example:

<jbr-listener name="Http-Gateway" busidref="Http-1" is-gateway="true">
      <property name="securityNS" value="http://schemas.xmlsoap.org/ws/2002/04/secext"/>
</jbr-listener>

Previously we were trying to match any possible namespace, well really only two:
http://docs.oasis-open.org/wss/2004/01/oasis-200401http-wss-wssecurity-secext-1.0.xsd
http://schemas.xmlsoap.org/ws/2002/04/secext

This is now a configurable setting on for JBossRemotingGatewayListener and will default to the first namespace above. This was done as part of the performance work recently. 
Let me check that this has been documented as it might not be. 


> Usename token authentication does not work
> ------------------------------------------
>
>                 Key: JBESB-3138
>                 URL: https://jira.jboss.org/jira/browse/JBESB-3138
>             Project: JBoss ESB
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Rosetta, Web Services
>    Affects Versions: 4.7
>            Reporter: Jiri Pechanec
>            Priority: Critical
>         Attachments: wsp_secured.zip
>
>
> If security is enable on service and SOAP message with Username token is sent then  server throws SecurityException
> 12:45:40,293 ERROR [ActionProcessingPipeline] SecurityService exception : 
> org.jboss.soa.esb.services.security.SecurityServiceException: Service 'MyWSProducerService' has been configured for security but no AuthenticationRequest could be located in the Message Context. Cannot authenticate without an AuthenticationRequest.
> 	at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.processPipeline(ActionProcessingPipeline.java:527)
> 	at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.process(ActionProcessingPipeline.java:419)
> 	at org.jboss.soa.esb.listeners.message.MessageAwareListener$TransactionalRunner.run(MessageAwareListener.java:540)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> 	at java.lang.Thread.run(Thread.java:636)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the esb-issues mailing list