[jbossws-issues] [JBoss JIRA] Updated: (JBWS-1991) ReceiveUsernameToken doesn't process authentication

seboonet (JIRA) jira-events at lists.jboss.org
Tue Feb 12 08:54:03 EST 2008 

     [ http://jira.jboss.com/jira/browse/JBWS-1991?page=all ]

seboonet updated JBWS-1991:
---------------------------

    Description: 
ReceiveUsernameToken (via SecurityAdaptorImpl)  delegate setting of username/password directly to SecurityAssociation, without  invoking authentication by JaasSecurityManagerService. I didn't use HttpBasic auth, only soap security header.

Example header:
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
            <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
            <wsse:Password>some_credentials</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>


  was:
ReceiveUsernameToken (via SecurityAdaptorImpl)  delegate setting of username/password directly to SecurityAssociation, without  invoking authentication by JaasSecurityManagerService. 

Example header:
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
            <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
            <wsse:Password>some_credentials</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>



> ReceiveUsernameToken doesn't process authentication
> ---------------------------------------------------
>
>                 Key: JBWS-1991
>                 URL: http://jira.jboss.com/jira/browse/JBWS-1991
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions:  jbossws-native-2.0.3
>            Reporter: seboonet
>            Priority: Critical
>
> ReceiveUsernameToken (via SecurityAdaptorImpl)  delegate setting of username/password directly to SecurityAssociation, without  invoking authentication by JaasSecurityManagerService. I didn't use HttpBasic auth, only soap security header.
> Example header:
>    <soapenv:Header>
>       <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>          <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106">
>             <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username>
>             <wsse:Password>some_credentials</wsse:Password>
>          </wsse:UsernameToken>
>       </wsse:Security>
>    </soapenv:Header>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list