[jboss-user] [JBossWS] - Re: WSSE UsernameToken without HTTP basic auth?

[mikaeljl]

One note on the server side implementation of the WS:
It is not an SLSB. I've used wsconsume and generated java files based on an existing WSDL file.

I think that the execution ends up in the org.jboss.ws.extensions.security.ReceiveUsernameOperation class where the following lines are called:
securityAdaptor.setPrincipal(new SimplePrincipal(user.getUsername()));
  | securityAdaptor.setCredential(user.getPassword());

Also, printing the Principal class gives:
    System.out.println("Getting principal class from SecurityAssociation: " + org.jboss.security.SecurityAssociation.getPrincipal().getClass().getName());
  |  --
  | 2008-01-15 14:49:57,734 INFO  [STDOUT] Getting principal class from SecurityAssociation: org.jboss.ws.extensions.security.SimplePrincipal

So... I've probably done something bad causing the application not to be registered with the JBossWS security domain or ?
I do have <security-domain>java:/jaas/JBossWS</security-domain> in my jboss-web.xml

I also have a jboss-wsse-server.xml file with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
  | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
  |                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |                    xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  | </jboss-ws-security>

I've tried adding:
  <config>
  |     <username/>
  |   </config>
But that did not make it better...

What am I doing wrong?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120107#4120107

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4120107