[jboss-user] [JBoss Web Services] New message: "Re: JbossWS username authentication not working"
Bonnie Kenison
do-not-reply at jboss.com
Fri Feb 26 14:41:13 EST 2010
User development,
A new message was posted in the thread "JbossWS username authentication not working":
http://community.jboss.org/message/528880#528880
Author : Bonnie Kenison
Profile : http://community.jboss.org/people/bkenison
Message:
--------------------------------------------------------------
I really just want to secure the web service, ie., require that the soap to the service includes the wsse:security header and that something on the server side verifies that this is the correct username/password. The webservice will run under a web app that does not need to be secured.
This is the webservice request that gets generated:
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
<env:Header>
<wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:UsernameToken wsu:Id='token-1-1267205890331-29812760'>
<wsse:Username>kermitabcd</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0#PasswordText'>thefrogefg</wsse:Password>
</wsse:UsernameToken></wsse:Security>
</env:Header>
<env:Body>
<ns2:ping xmlns:ns2="http://localhost:8080/uttestservice"><arg0>Pramod</arg0></ns2:ping>
</env:Body>
</env:Envelope>
I just want something that says - username: kermitabcd and password:thefrogefg is not correct. Right now, the webmethod is being executed regardless of the username/password being sent in.
Bonnie
--------------------------------------------------------------
To reply to this message visit the message page: http://community.jboss.org/message/528880#528880
More information about the jboss-user
mailing list