[jira] Updated: (TUSCANY-2949) helloworld-ws-service-secure problem with security

Wed, 20 May 2009 22:09:22 -0700 

     [ 
https://issues.apache.org/jira/browse/TUSCANY-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ant elder updated TUSCANY-2949:
-------------------------------

    Fix Version/s:     (was: Java-SCA-1.5)
                   Java-SCA-Next

> helloworld-ws-service-secure problem with security
> --------------------------------------------------
>
>                 Key: TUSCANY-2949
>                 URL: https://issues.apache.org/jira/browse/TUSCANY-2949
>             Project: Tuscany
>          Issue Type: Bug
>          Components: Java SCA Axis Binding Extension, Java SCA Embedded 
> Runtime, Java SCA Policy, Java SCA Samples
>    Affects Versions: Java-SCA-1.4
>            Reporter: OlegSmith
>            Priority: Critical
>             Fix For: Java-SCA-Next
>
>
> Sample helloworld-ws-service-secure, web service /HelloWorldService. With 
> correct SOAP all fine, for example
> POST http://192.168.9.64:8085/HelloWorldService HTTP/1.1
> Content-Type: text/xml;charset=UTF-8
> SOAPAction: "urn:getGreetings"
> User-Agent: Jakarta Commons-HttpClient/3.1
> Host: 192.168.9.64:8085
> Content-Length: 1017
> <soapenv:Envelope xmlns:hel="http://helloworld"; 
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
>    <soapenv:Header>
>       <wsse:Security soapenv:mustUnderstand="1" 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
>          <wsse:UsernameToken wsu:Id="UsernameToken-1186583" 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
>             <wsse:Username>TuscanyWsUser</wsse:Username>
>             <wsse:Password 
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>TuscanyWsUserPasswd</wsse:Password>
>             <wsse:Nonce>0RkNrWgskQNCqGp1PMqwmw==</wsse:Nonce>
>             <wsu:Created>2009-03-27T13:00:24.548Z</wsu:Created>
>          </wsse:UsernameToken>
>       </wsse:Security>
>    </soapenv:Header>
>    <soapenv:Body>
>       <hel:getGreetings>
>          <hel:name>good security</hel:name>
>       </hel:getGreetings>
>    </soapenv:Body>
> </soapenv:Envelope>
> but with handwrited SOAP (below) Tuscany dont call ServerPWCBHandler but 
> successfully call getGreetings. How to prevent call getGreetings without 
> authentication?
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; 
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
>   <SOAP-ENV:Header>
>     <ns1:Security 
> xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
>       <Username>SOA</Username>
>       <Password>SOA</Password>
>     </ns1:Security>
>   </SOAP-ENV:Header>
>   <SOAP-ENV:Body>
>     <ns0:getGreetings xmlns:ns0="http://helloworld";>
>       <ns0:name>bad security</ns0:name>
>     </ns0:getGreetings>
>   </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to