[jira] Created: (TUSCANY-2949) helloworld-ws-service-secure problem with security

Fri, 27 Mar 2009 06:17:24 -0700 

helloworld-ws-service-secure problem with security
--------------------------------------------------

                 Key: TUSCANY-2949
                 URL: https://issues.apache.org/jira/browse/TUSCANY-2949
             Project: Tuscany
          Issue Type: Bug
          Components: Java SCA Axis Binding Extension, Java SCA Embedded 
Runtime, Java SCA Policy, Java SCA Samples
    Affects Versions: Java-SCA-1.4
            Reporter: OlegSmith
            Priority: Critical
             Fix For: Java-SCA-1.5


Sample helloworld-ws-service-secure, web service /HelloWorldService. With 
correct SOAP all fine, for example

POST http://192.168.9.64:8085/HelloWorldService HTTP/1.1
Content-Type: text/xml;charset=UTF-8
SOAPAction: "urn:getGreetings"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: 192.168.9.64:8085
Content-Length: 1017

<soapenv:Envelope xmlns:hel="http://helloworld"; 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
         <wsse:UsernameToken wsu:Id="UsernameToken-1186583" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
            <wsse:Username>TuscanyWsUser</wsse:Username>
            <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>TuscanyWsUserPasswd</wsse:Password>
            <wsse:Nonce>0RkNrWgskQNCqGp1PMqwmw==</wsse:Nonce>
            <wsu:Created>2009-03-27T13:00:24.548Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <hel:getGreetings>
         <hel:name>good security</hel:name>
      </hel:getGreetings>
   </soapenv:Body>
</soapenv:Envelope>

but with handwrited SOAP (below) Tuscany dont call ServerPWCBHandler but 
successfully call getGreetings. How to prevent call getGreetings without 
authentication?

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
  <SOAP-ENV:Header>
    <ns1:Security 
xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
      <Username>SOA</Username>
      <Password>SOA</Password>
    </ns1:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <ns0:getGreetings xmlns:ns0="http://helloworld";>
      <ns0:name>bad security</ns0:name>
    </ns0:getGreetings>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to