[jboss-user] [JBossWS] - Re: WSSE UsernameToken without HTTP basic auth?

mikaeljl do-not-reply at jboss.com
Mon Jan 26 10:02:22 EST 2009


Hi!

Sorry for the delay...

I've tried the new username token support now and it seems to work fine.
Build info:
Version: jbossws-native-3.0.6-SNAPSHOT
Build: 200901151503

Example of SOAP request:

  | POST /lab_1_wsdl_first/HelloService HTTP/1.1
  | SOAPAction: ""
  | Content-Type: text/xml; charset=UTF-8
  | JBoss-Remoting-Version: 22
  | User-Agent: JBossRemoting - 2.2.2.SP8
  | Host: localhost:8080
  | Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  | Connection: keep-alive
  | Transfer-Encoding: chunked
  | 
  | <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header><wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'><wsu:Timestamp wsu:Id='timestamp'><wsu:Created>2009-01-26T14:36:28.871Z</wsu:Created><wsu:Expires>2009-01-26T14:41:28.871Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id='token-1-1232980588873-16780239'><wsse:Username>someuser</wsse:Username><wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>somepassword</wsse:Password></wsse:UsernameToken></wsse:Security></env:Header><env:Body><ns1:HelloData xmlns:ns1="http://www.redpill.se/training/ws/hello/HelloService"><helloMessage>Lab1Client</helloMessage></ns1:HelloData></env:Body></env:Envelope>
  | 

I.e. no HTTP basic authentication.
I've added 
  <security-domain>java:/jaas/JBossWS</security-domain>
to jboss-web.xml
And the following to jboss-wsse-server.xml:

  | <jboss-ws-security>
  |   <config>
  |     <authorize>
  |       <unchecked/>
  |     </authorize>
  |   </config>
  | </jboss-ws-security>
  | 
And I can now control access through the conf/props/jbossws-users.properties file.
Without properly configured credentials I get a message saying:
"The security token could not be authenticated or authorized."
So everything seems to be ok this far.

However, I've noticed that if I do:
	@Resource
	javax.xml.ws.WebServiceContext wsCtx;
wsCtx.getUserPrincipal() will return null.
Is this the expected result?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4204724#4204724
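
The request in the post sends a `PasswordText` UsernameToken with a five-minute `wsu:Timestamp` over plain HTTP. As an added example (not part of the original post and not JBossWS code), this Python sketch audits such a header; `audit_username_token`, `SAMPLE` and the finding strings are hypothetical names, and the sample message is constructed to mirror the posted one.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"env": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": WSS + "wssecurity-secext-1.0.xsd",
      "wsu": WSS + "wssecurity-utility-1.0.xsd"}
PASSWORD_TEXT = WSS + "username-token-profile-1.0#PasswordText"

# Constructed sample: same header layout as the request in the post.
SAMPLE = f"""<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
<env:Header><wsse:Security env:mustUnderstand='1'
 xmlns:wsse='{WSS}wssecurity-secext-1.0.xsd' xmlns:wsu='{WSS}wssecurity-utility-1.0.xsd'>
<wsu:Timestamp wsu:Id='timestamp'><wsu:Created>2009-01-26T14:36:28.871Z</wsu:Created>
<wsu:Expires>2009-01-26T14:41:28.871Z</wsu:Expires></wsu:Timestamp>
<wsse:UsernameToken wsu:Id='token-1'><wsse:Username>someuser</wsse:Username>
<wsse:Password Type='{PASSWORD_TEXT}'>somepassword</wsse:Password></wsse:UsernameToken>
</wsse:Security></env:Header><env:Body/></env:Envelope>"""


def _utc(text):
    # xsd:dateTime in UTC ("...Z"); fromisoformat() before Python 3.11 rejects "Z".
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))


def audit_username_token(soap_xml, now, over_tls):
    """Return (username, findings) for the WS-Security header of one request."""
    sec = ET.fromstring(soap_xml).find("env:Header/wsse:Security", NS)
    token = sec.find("wsse:UsernameToken", NS) if sec is not None else None
    if token is None:
        return None, ["no wsse:UsernameToken in a wsse:Security header"]
    findings = []
    user = token.findtext("wsse:Username", default="", namespaces=NS)
    pw = token.find("wsse:Password", NS)
    # A missing Type attribute means PasswordText per the UsernameToken profile.
    if pw is not None and pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT and not over_tls:
        findings.append("cleartext password on a non-TLS transport")
    if token.find("wsse:Nonce", NS) is None:
        findings.append("no wsse:Nonce, so the receiver cannot detect a replay by nonce")
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    if expires is None:
        findings.append("no wsu:Timestamp/wsu:Expires")
    elif now > _utc(expires):
        findings.append("wsu:Timestamp expired")
    return user, findings


if __name__ == "__main__":
    now = datetime(2009, 1, 26, 14, 38, tzinfo=timezone.utc)
    print(audit_username_token(SAMPLE, now, over_tls=False))
```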
