[
https://issues.apache.org/activemq/browse/SM-895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guillaume Nodet resolved SM-895.
--------------------------------
Resolution: Fixed
Assignee: Guillaume Nodet
URL: http://svn.apache.org/viewvc?view=rev&rev=522804
> HttpConsumerEndpoint, security issue
> ------------------------------------
>
> Key: SM-895
> URL: https://issues.apache.org/activemq/browse/SM-895
> Project: ServiceMix
> Issue Type: Bug
> Components: servicemix-http
> Affects Versions: 3.2
> Environment: linux, servicemix-3.2-incubating-SNAPSHOT, desktop pc
> Reporter: Eduardo Burgos
> Assigned To: Guillaume Nodet
> Priority: Minor
> Fix For: 3.2
>
> Attachments: HttpConsumerEndpoint.diff
>
> Original Estimate: 5 minutes
> Remaining Estimate: 5 minutes
>
> Hi,
> This is regarding HttpConsumerEndpoint class, which is
> HttpSoapConsumerEndpoint's superclass. I tried to dynamically deploy a
> HttpSoapConsumerEndpoint into a servicemix-http, it worked very well, but I
> noticed some different behavior compared to the old HttpEndpoint. If I used
> HttpEndpoint, every time I log in using http, the underlying
> NormalizedMessage carries in the securitySubject a Principal that identifies
> the user, this is not the case with
> HttpSoapConsumerEndpoint/HttpConsumerEndpoint. Since those new
> HttpEndpointTypes now use a marshaler (which is by default the
> DefaultHttpConsumerMarshaler) then Im not sure if this is actually intended.
> Is it intended that the HttpConsumerEndpoint is left without this security
> feature so that I have to actually implement it in a new Marshaler?
> Attached is a diff file with my solution regarding changes to
> HttpConsumerEndpoint class
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
