[jboss-user] [JBossWS] - Re: WSSE UsernameToken without HTTP basic auth?
mikaeljl
do-not-reply at jboss.com
Tue Jan 15 09:45:44 EST 2008
One note on the server side implementation of the WS:
It is not an SLSB. I've used wsconsume and generated java files based on an existing WSDL file.
I think that the execution ends up in the org.jboss.ws.extensions.security.ReceiveUsernameOperation class where the following lines are called:
securityAdaptor.setPrincipal(new SimplePrincipal(user.getUsername()));
| securityAdaptor.setCredential(user.getPassword());
Also, printing the Principal class gives:
System.out.println("Getting principal class from SecurityAssociation: " + org.jboss.security.SecurityAssociation.getPrincipal().getClass().getName());
| --
| 2008-01-15 14:49:57,734 INFO [STDOUT] Getting principal class from SecurityAssociation: org.jboss.ws.extensions.security.SimplePrincipal
So... I've probably done something bad causing the application not to be registered with the JBossWS security domain or ?
I do have <security-domain>java:/jaas/JBossWS</security-domain> in my jboss-web.xml
I also have a jboss-wsse-server.xml file with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| </jboss-ws-security>
I've tried adding:
<config>
| <username/>
| </config>
But that did not make it better...
What am I doing wrong?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120107#4120107
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4120107
More information about the jboss-user
mailing list