[jbossws-issues] [JBoss JIRA] Commented: (JBWS-1991) ReceiveUsernameToken doesn't process authentication

seboonet (JIRA) jira-events at lists.jboss.org
Tue Feb 12 08:50:03 EST 2008 

    [ http://jira.jboss.com/jira/browse/JBWS-1991?page=comments#action_12399214 ] 
            
seboonet commented on JBWS-1991:
--------------------------------

Ejb3 Endpoint:

@Stateless
@WebService(name = "KpaEchoJWS", targetNamespace = "http://www.some.somain.xxx/kpa/echo/1.0.0")
@WebContext(contextRoot = "/kpa/gateway", virtualHosts = "", secureWSDLAccess = false, urlPattern = "/KpaEchoJWS/*")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@RolesAllowed({"SOME_ROLE1","SOME_ROLE2"})        
public class KpaEchoJWSImpl implements KpaEchoJWS {

    @Resource
    WebServiceContext ctx;

    public String echo(String msg) {
        System.out.println(ctx.getUserPrincipal());
        return msg;
    }

}


> ReceiveUsernameToken doesn't process authentication
> ---------------------------------------------------
>
>                 Key: JBWS-1991
>                 URL: http://jira.jboss.com/jira/browse/JBWS-1991
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions:  jbossws-native-2.0.3
>            Reporter: seboonet
>            Priority: Critical
>
> ReceiveUsernameToken (via SecurityAdaptorImpl)  delegate setting of username/password directly to SecurityAssociation, without  invoking authentication by JaasSecurityManagerService. 
> Example header:
>    <soapenv:Header>
>       <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>          <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
>             <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
>             <wsse:Password>some_credentials</wsse:Password>
>          </wsse:UsernameToken>
>       </wsse:Security>
>    </soapenv:Header>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list