IIRC current implementation cannot handle the scenario - where a SOAP Message comes with an Authorization HTTP header... - which is something we need to fix...
So, the correct behavior would be - if it is SOAP (expects UT - we applied UT) we need to return a SOAP fault - or else send the basic auth challenge..

Thanks & regards,
-Prabath

On Wed, Sep 5, 2012 at 8:52 PM, Afkham Azeez <[email protected]> wrote:

> I think there is a problem in the way
> https://wso2.org/jira/browse/CARBONROADMAP-31 has been implemented.
>
> I think the requirement is, if a service has been secured using UT policy,
> the client has two options:
> 1. Send credentials using basic auth HTTP headers
> 2. Send credentials using SOAP headers
>
> The POXSecurityHandler properly handles those two from the looks of it.
>
> However, if the client sends a SOAP message, without the basic auth HTTP
> headers & without SOAP headers, the current implementation of
> the POXSecurityHandler sends a basic auth challenge, and not a SOAP fault,
> which I consider is wrong.
>
> Thoughts?
>
> --
> Afkham Azeez
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: [email protected] cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
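
The decision discussed in this thread, as an added Python sketch that is not part of either message and is not the POXSecurityHandler code. Function names and return labels are hypothetical, the sample envelope is constructed, and treating a SOAP request that carries a Basic `Authorization` header as option 1 is an assumption taken from the requirement as quoted.

```python
import base64
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) on untrusted input

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

def inspect_body(body):
    """Return (is_soap, has_username_token) for a request body."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, False
    for ns in SOAP_NS:
        if root.tag == "{%s}Envelope" % ns:
            path = "{%s}Header/{%s}Security/{%s}UsernameToken" % (ns, WSSE, WSSE)
            return True, root.find(path) is not None
    return False, False

def basic_credentials(headers):
    """Return (user, password) from a well-formed Basic Authorization header, else None."""
    value = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def decide(headers, body):
    """Hypothetical decision function: pick the authentication path or the failure response."""
    is_soap, has_ut = inspect_body(body)
    if basic_credentials(headers):
        return "AUTHENTICATE_BASIC"     # option 1: credentials in HTTP headers
    if has_ut:
        return "AUTHENTICATE_UT"        # option 2: credentials in SOAP headers
    if is_soap:
        return "SOAP_FAULT"             # SOAP client sent no credentials at all
    return "BASIC_AUTH_CHALLENGE"       # non-SOAP (POX) client: 401 + WWW-Authenticate

# Constructed sample: SOAP 1.1 envelope with no security header.
SOAP_NO_CREDS = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
                 '<s:Body><echo/></s:Body></s:Envelope>')
```

`decide` only selects the path; verifying the credentials against the user store happens afterwards on either authentication path.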
