On Wed, Sep 5, 2012 at 9:09 PM, Afkham Azeez <[email protected]> wrote:

> On Wed, Sep 5, 2012 at 9:07 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> IIRC current implementation cannot handle the scenario - where a SOAP
>> Message comes with an Authorization HTTP header... - which is something we
>> need to fix...
>>
>> So, the correct behavior would be - if it is SOAP (expects UT - we
>> applied UT) we need to return a SOAP fault - or else send the basic auth
>> challenge..
>
> if(soap & no sec header) send SOAP fault
>
> if(rest & no basic auth headers) send challenge
>
> is that what you are saying.

Yes...

> Currently we are seeing;
>
> if(soap & no sec header) send challenge
>
> That is wrong isn't it?

Yes.. agreed.. need to fix it...

Thanks & regards,
-Prabath

>> Thanks & regards,
>> -Prabath
>>
>> On Wed, Sep 5, 2012 at 8:52 PM, Afkham Azeez <[email protected]> wrote:
>>
>>> I think there is a problem in the way
>>> https://wso2.org/jira/browse/CARBONROADMAP-31 has been implemented.
>>>
>>> I think the requirement is, if a service has been secured using UT
>>> policy, the client has two options:
>>> 1. Send credentials using basic auth HTTP headers
>>> 2. Send credentials using SOAP headers
>>>
>>> The POXSecurityHandler properly handles those two from the looks of it.
>>>
>>> However, if the client sends a SOAP message, without the basic auth HTTP
>>> headers & without SOAP headers, the current implementation of
>>> the POXSecurityHandler sends a basic auth challenge, and not a SOAP fault,
>>> which I consider is wrong.
>>>
>>> Thoughts?
>>>
>>> --
>>> Afkham Azeez
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> email: [email protected] cell: +94 77 3320919
>>> blog: http://blog.afkham.org
>>> twitter: http://twitter.com/afkham_azeez
>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>
>>> Lean . Enterprise . Middleware
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>
> --
> Afkham Azeez
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: [email protected] cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
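
The behaviour agreed on in this thread, written out as an added Java example; it is not part of the original messages and is not WSO2's POXSecurityHandler code. The class, enum and method names, the SOAP detection heuristic and the sample requests are assumptions made for illustration.

```java
import java.util.Map;

// Added illustration; all names here are hypothetical, not Carbon/Axis2 APIs.
public class UtAuthDecision {

    enum Action { AUTH_BASIC, AUTH_WSSE, SOAP_FAULT, BASIC_CHALLENGE }

    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Assumption: a request is SOAP when it uses the SOAP 1.2 media type or
    // carries a SOAPAction header (SOAP 1.1); anything else is REST/POX.
    static boolean isSoap(Map<String, String> headers) {
        String ct = headers.getOrDefault("content-type", "").toLowerCase();
        return ct.startsWith("application/soap+xml") || headers.containsKey("soapaction");
    }

    static boolean hasBasicAuth(Map<String, String> headers) {
        String auth = headers.getOrDefault("authorization", "");
        return auth.regionMatches(true, 0, "Basic ", 0, 6) && auth.length() > 6;
    }

    // Assumption: a namespace substring check stands in for real SOAP header parsing.
    static boolean hasWsseHeader(String body) {
        return body.contains(WSSE_NS);
    }

    static Action decide(Map<String, String> headers, String body) {
        // Option 1: basic auth HTTP headers, accepted for SOAP and REST alike.
        if (hasBasicAuth(headers)) return Action.AUTH_BASIC;
        boolean soap = isSoap(headers);
        // Option 2: credentials in the SOAP security header.
        if (soap && hasWsseHeader(body)) return Action.AUTH_WSSE;
        // No credentials: SOAP clients get a fault, REST clients get the challenge.
        return soap ? Action.SOAP_FAULT : Action.BASIC_CHALLENGE;
    }

    public static void main(String[] args) {
        // Constructed sample requests; header names are lower-cased by the caller.
        String plainSoap = "<soapenv:Envelope><soapenv:Body/></soapenv:Envelope>";
        String utSoap = "<soapenv:Envelope><soapenv:Header><wsse:Security xmlns:wsse=\""
            + WSSE_NS + "\"/></soapenv:Header><soapenv:Body/></soapenv:Envelope>";
        Map<String, String> soapHdr = Map.of("soapaction", "\"urn:echo\"");
        System.out.println(decide(soapHdr, plainSoap));
        System.out.println(decide(soapHdr, utSoap));
        System.out.println(decide(Map.of("content-type", "application/xml"), "<echo/>"));
        System.out.println(decide(Map.of("soapaction", "\"urn:echo\"",
            "authorization", "Basic dXNlcjpwYXNz"), plainSoap));
    }
}
```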
