[jbossws-issues] [JBoss JIRA] Created: (JBWS-2932) Support for HTTP Digest authentication, when acting as a client to an external web service

Ian (JIRA) jira-events at lists.jboss.org
Thu Feb 11 19:33:10 EST 2010 

Support for HTTP Digest authentication, when acting as a client to an external web service
------------------------------------------------------------------------------------------

                 Key: JBWS-2932
                 URL: https://jira.jboss.org/jira/browse/JBWS-2932
             Project: JBoss Web Services
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: jbossws-native
    Affects Versions:  jbossws-metro-3.2.1, jbossws-native-3.2.1,  jbossws-cxf-3.2.1
            Reporter: Ian


Please implement HTTP Digest Authentication when acting as a client to an external web service. I don't mean using WS-Security, just using HTTP authentication in a similar that Basic Authentication is used - using JAX-WS code similar to this:

String url = configuration.getString(CONFIG_URL);
BindingProvider provider = (BindingProvider)requestInvoker;
provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username);
provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);

This code works if run as a standalone java client (probably because Metro supports it). However it doesn't work with JBossWS:
* Native implementation simply doesn't work at all
* Metro implementation has classloading issues when web service calls are made (to do with WS-Addressing I think, I've seen other posts about it).
* CXF has the same issues as Metro

Given from my reading that the WS-Security work supports Digest authentication, it doesn't seem a difficult task. I'd suggest one of two ways to fix it:
1. Implement it in JBossWS native, OR
2. Fix the classloading issues in Metro and/or CXF so those stacks can be used (given they already support it).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list