[jboss-user] [JBossWS] - Re: WSSE UsernameToken without HTTP basic auth?

mikaeljl do-not-reply at jboss.com
Mon Jan 14 11:03:58 EST 2008


So, adding:
      reqContext.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);

to the client side removed the http auth header.

Guess this is because the org.jboss.ws.core.client.RemotingConnectionImpl-createRemotingMetaData method is called before the WSSecurityDispatcher calls ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE); ? By setting this property from the client this is avoided.

The problem now is that I can no longer get the login to work properly on the server side.
What should I put in web.xml? I've tried with:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ProtectedResource</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>friend</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- We do not want http basic authentication
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBossWS</realm-name>
  </login-config>
  -->
  <security-role>
    <role-name>friend</role-name>
  </security-role>

But that results in the application not being authorized. I've tried to remove the security-constraint, but then I can no longer retrieve the current principal information from within my WS implementation...
I've tried to retrieve it using:

  Subject caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);

and:

  @Resource
  javax.xml.ws.WebServiceContext wsCtx;
  java.security.Principal principal = wsCtx.getUserPrincipal();

But both return null data.

How should I retrieve the principal data when using WSSE UsernameToken?

I can see in the traces that the security information is picked up:
  2008-01-14 16:54:37,113 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1b6c763{principal=kermit,subject=null}
But how to retrieve it?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4119700#4119700
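
Added example, not part of the original post and not JBossWS code: a small offline check that reports whether a captured request carries credentials in an HTTP Basic Authorization header, in a WS-Security UsernameToken, or in both, which is the effect the client-side property change above is meant to have. The function names, endpoint path and password are constructed for illustration; only the user name "kermit" comes from the trace in the post.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"

def credential_channels(raw_request: bytes) -> dict:
    """Report where credentials travel in one captured HTTP/SOAP request."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    result = {"http_basic_user": None, "wsse_user": None, "wsse_password_type": None}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
            except ValueError:  # binascii.Error is a ValueError subclass
                decoded = "<undecodable>:"
            result["http_basic_user"] = decoded.partition(":")[0]
    try:
        # Fine for your own traces; use a hardened parser for untrusted captures.
        envelope = ET.fromstring(body)
    except ET.ParseError:
        return result
    token = envelope.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is not None:
        result["wsse_user"] = token.findtext(f"{{{WSSE}}}Username")
        pw = token.find(f"{{{WSSE}}}Password")
        if pw is not None:
            # Keep only the fragment, e.g. PasswordText or PasswordDigest.
            result["wsse_password_type"] = (pw.get("Type") or "").rsplit("#", 1)[-1] or None
    return result

def sample_request(with_basic: bool) -> bytes:
    """Constructed SOAP 1.1 request, optionally with an HTTP Basic header."""
    body = (f'<env:Envelope xmlns:env="{SOAP}"><env:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
            '<wsse:Username>kermit</wsse:Username>'
            f'<wsse:Password Type="{PW_TEXT}">constructed-secret</wsse:Password>'
            '</wsse:UsernameToken></wsse:Security></env:Header><env:Body/></env:Envelope>')
    auth = ("Authorization: Basic "
            + base64.b64encode(b"kermit:constructed-secret").decode() + "\r\n") if with_basic else ""
    return (f"POST /constructed/endpoint HTTP/1.1\r\nHost: localhost\r\n{auth}"
            f"Content-Type: text/xml\r\n\r\n{body}").encode()
```

A PasswordText token exposes the password to anyone who can read the message, so this check is worth pairing with confirmation that the endpoint is only reachable over TLS.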
