[jbossws-issues] [JBoss JIRA] Commented: (JBWS-1991) ReceiveUsernameToken doesn't process authentication
seboonet (JIRA)
jira-events at lists.jboss.org
Tue Feb 12 08:50:03 EST 2008
[ http://jira.jboss.com/jira/browse/JBWS-1991?page=comments#action_12399214 ]
seboonet commented on JBWS-1991:
--------------------------------
Ejb3 Endpoint:
@Stateless
@WebService(name = "KpaEchoJWS", targetNamespace = "http://www.some.somain.xxx/kpa/echo/1.0.0")
@WebContext(contextRoot = "/kpa/gateway", virtualHosts = "", secureWSDLAccess = false, urlPattern = "/KpaEchoJWS/*")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@RolesAllowed({"SOME_ROLE1","SOME_ROLE2"})
public class KpaEchoJWSImpl implements KpaEchoJWS {
@Resource
WebServiceContext ctx;
public String echo(String msg) {
System.out.println(ctx.getUserPrincipal());
return msg;
}
}
> ReceiveUsernameToken doesn't process authentication
> ---------------------------------------------------
>
> Key: JBWS-1991
> URL: http://jira.jboss.com/jira/browse/JBWS-1991
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: jbossws-native-2.0.3
> Reporter: seboonet
> Priority: Critical
>
> ReceiveUsernameToken (via SecurityAdaptorImpl) delegate setting of username/password directly to SecurityAssociation, without invoking authentication by JaasSecurityManagerService.
> Example header:
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
> <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
> <wsse:Password>some_credentials</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list