[jbossws-issues] [JBoss JIRA] Commented: (JBWS-1136) Allow username to be specified in the requires list
Alessio Soldano (JIRA)
jira-events at lists.jboss.org
Fri Jan 18 13:58:21 EST 2008
[ http://jira.jboss.com/jira/browse/JBWS-1136?page=comments#action_12395725 ]
Alessio Soldano commented on JBWS-1136:
---------------------------------------
Given I agree with you about what you say on POJO endpoints, we could nevertheless do what the issue title says i.e. allowing a username element in the require list of the wsse configuration the same way we have for the timestamp, for example. This way we could reject requests that do not have a Username Token. What do you think about?
> Allow username to be specified in the requires list
> ---------------------------------------------------
>
> Key: JBWS-1136
> URL: http://jira.jboss.com/jira/browse/JBWS-1136
> Project: JBoss Web Services
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: ws-security
> Affects Versions: jbossws-1.0.1
> Reporter: Darran Lofthouse
> Fix For: community contributions
>
>
> Allow username to be specified in the requires list for endpoints so that messages without the username can be rejected.
> At the moment for EJB endpoints they can be configured using standard J2EE security so if there is no authenticated user the request is rejected, however this can't be done for the POJO endpoints.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list