[jboss-jira] [JBoss JIRA] (WFLY-4289) Authentication bug on one-way JAX-WS methods

Jakub Grabowski (JIRA) issues at jboss.org
Tue Jan 27 06:13:49 EST 2015


Jakub Grabowski created WFLY-4289:
-------------------------------------

             Summary: Authentication bug on one-way JAX-WS methods
                 Key: WFLY-4289
                 URL: https://issues.jboss.org/browse/WFLY-4289
             Project: WildFly
          Issue Type: Bug
          Components: Security, Web Services
    Affects Versions: 8.2.0.Final
            Reporter: Jakub Grabowski
            Assignee: Darran Lofthouse


1. For two-way methods basic authentication and authorization works fine. User is authenticated with LDAP module and gets proper role that authorizes invocation. It works just fine. By two-way method I mean a method with input and output message defined in WSDL.
2. For one-way methods (return type void) user is not authenticated properly. It results in denial of method invocation.
3. When I remove @RolesAllowed declaration I can see that for two-way methods authentication is correct (principal is set to logged user), but for one-way it's not - I get "anonymous" as principal.
4. When I change one-way method to have input and output messages defined in WSDL and update implementation accordingly it surprisingly starts to work as expected.

It's quite a serious issue, because currently there's no way to have authorized access to one-way webservice methods.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
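
A minimal endpoint of the shape the report describes, added here as an illustration; it is not code from the issue or from WildFly. It assumes an EJB3-based JAX-WS endpoint, and the class, service, role and security-domain names are hypothetical. `@PermitAll` stands in for "no `@RolesAllowed` declaration" so the diagnostic methods stay callable.

```java
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.Oneway;
import javax.jws.WebService;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ws.api.annotation.WebContext;

// Hypothetical reproducer; every name below is an assumption, not from the issue.
@Stateless
@WebService(serviceName = "AuditService")
@SecurityDomain("ldap-domain") // assumed name of the LDAP-backed security domain
@WebContext(contextRoot = "/audit", urlPattern = "/AuditService", authMethod = "BASIC")
public class AuditEndpoint {
    private static final Logger LOG = Logger.getLogger(AuditEndpoint.class.getName());

    @Resource
    private SessionContext ctx;

    // Two-way: the WSDL operation has input and output messages (report item 1).
    @RolesAllowed("operator")
    public String submit(String event) {
        return "accepted for " + caller("submit");
    }

    // One-way: input message only; the shape the report says is denied (item 2).
    @Oneway
    @RolesAllowed("operator")
    public void submitOneWay(String event) {
        caller("submitOneWay");
    }

    // Diagnostic pair without a role check, to compare the principal (item 3).
    @PermitAll
    public String whoAmI() { return caller("whoAmI"); }

    @Oneway
    @PermitAll
    public void whoAmIOneWay() { caller("whoAmIOneWay"); }

    // Logs the caller principal the container propagated to the EJB.
    private String caller(String op) {
        String name = ctx.getCallerPrincipal().getName();
        LOG.info(op + " invoked by principal=" + name);
        return name;
    }
}
```

Calling each operation with the same Basic credentials and comparing the logged principal separates a missing authenticated identity from a role-mapping problem.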

