[jbossws-dev] [Design of JBoss Web Services] - BASIC auth and WS-Security
thomas.diesler@jboss.com
do-not-reply at jboss.com
Tue Oct 9 05:01:08 EDT 2007
It seems that we use the standard jaxrpc/jaxws properties as WSSE username token
| if (opConfig.getUsername() != null)
| {
| Object user = ctx.get(Stub.USERNAME_PROPERTY);
| Object pass = ctx.get(Stub.PASSWORD_PROPERTY);
|
| if (user == null && pass == null)
| {
| user = ctx.get(BindingProvider.USERNAME_PROPERTY);
| pass = ctx.get(BindingProvider.PASSWORD_PROPERTY);
| }
|
| if (user != null && pass != null)
| {
| operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null));
| ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
| }
| }
|
The side effect is that the wsse username token will always be sent via BASIC auth.
Is this by design? I thought the wsse username token is independent of transport security.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4092905#4092905
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4092905
More information about the jbossws-dev
mailing list