[jbossws-issues] [JBoss JIRA] Updated: (JBWS-2680) Authentication realm name hard-coded as "EJBServiceEndpointServlet Realm"

Alessio Soldano (JIRA) jira-events at lists.jboss.org
Wed Jan 13 08:18:30 EST 2010 

     [ https://jira.jboss.org/jira/browse/JBWS-2680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alessio Soldano updated JBWS-2680:
----------------------------------

    Fix Version/s: community contributions


Moreover, you're free to provide a patch with just one of the WebAppGeneratorDeploymentAspect.java changed (fix the one you need to test the patch), I can then apply it to all the versions it's required to.

> Authentication realm name hard-coded as "EJBServiceEndpointServlet Realm"
> -------------------------------------------------------------------------
>
>                 Key: JBWS-2680
>                 URL: https://jira.jboss.org/jira/browse/JBWS-2680
>             Project: JBoss Web Services
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: jbossws-native
>    Affects Versions: jbossws-native-3.0.5
>         Environment: JBossAS 4.2.3 with JBossWS 3.0.5
>            Reporter: Gerald Turner
>            Priority: Optional
>             Fix For: community contributions
>
>
> An EJB3 endpoint defined with annotation @WebContext(authMethod="BASIC") results in JBossWS generating web.xml metadata equivalent to:
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>EJBServiceEndpointServlet Realm</realm-name>
>   </login-config>
> On one hand this is perfectly acceptable as the realm-name is just a vanity configuration parameter.  However there are scenarios where it would be desirable to allow the application to override the default value: we migrated from another web services stack to JBossWS (was JAXWS-RI), some clients of our web services had explicitly configured their HTTP authentication on their end to match on realm name (one instance was Perl SOAP::Lite), quite the same way a web browser stores HTTP authentication along with the realm name such if the realm name changes, the authentication is invalidated - but since these are machines talking to each other rather than a web browser, it becomes a nightmare to debug why a client began receiving 401 errors after our upgrade.
> It would be nice if the org.jboss.wsf.spi.annotation.WebContext annotation had a realmName parameter.
> I attempted to work on a patch, however I'm confused by how many copies of WebAppGeneratorDeploymentAspect.java there seem to be under the jbossws/container and jbossws/framework subversion trees.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list