[jboss-user] [JBossWS] - WSSE UsernameToken without HTTP basic auth?
mikaeljl
do-not-reply at jboss.com
Mon Jan 14 05:59:46 EST 2008
Hi!
I've managed to implement a web service + a client that authenticates with WSSE UsernameToken.
My problem is that the client side is always including the HTTP Authorization header.
Something like:
Authorization: Basic a2VybWl0OnRoZWZyb2c=
Note, the WSSE data in the SOAP header is also included and looking ok.
How can I keep the client from including the http basic authentication data and only include wsse data? Is this possible? What am I missing?
My client is configured with
<config>
| <username/>
| </config>
I do the following in the client code:
URL securityURL = new File("resources/jboss-wsse-client.xml").toURI().toURL();
| ((StubExt)myServiceStub).setSecurityConfig(securityURL.toExternalForm());
| ((StubExt)myServiceStub).setConfigName("Standard WSSecurity Client");
| Map<String, Object> reqContext = bp.getRequestContext();
| reqContext.put(BindingProvider.USERNAME_PROPERTY, "kermit");
| reqContext.put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
I guess that the client libraries will pick up the properties set on the request ctx and therefore assume that basic auth should be applied?
Is there a way supply the username/pwd info to the WSSecurityDispatcher without having the client libraries adding http auth?
I do get everything to work if I add the following to web.xml on the server side
<login-config>
| <auth-method>BASIC</auth-method>
| <realm-name>JBossWS</realm-name>
| </login-config>
but I would really like to only use wsse and not http basic authentication.
The following in org/jboss/ws/core/client/RemotingConnectionImpl.java may be what is causing the problem together with implementation of the createRemotingMetaData method:
static
| {
| metadataMap.put(Stub.USERNAME_PROPERTY, "http.basic.username");
| metadataMap.put(Stub.PASSWORD_PROPERTY, "http.basic.password");
| metadataMap.put(BindingProvider.USERNAME_PROPERTY, "http.basic.username");
| metadataMap.put(BindingProvider.PASSWORD_PROPERTY, "http.basic.password");
| }
I'm currently using jbossws 2.0.1.GA
/Mikael
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4119564#4119564
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4119564
More information about the jboss-user
mailing list