[
https://issues.apache.org/jira/browse/CXF-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854068#action_12854068
]
Daniel Kulp commented on CXF-2754:
----------------------------------
I don't think I added a real test. I was working with Dennis Sosnoski for
his latest article:
http://www.ibm.com/developerworks/webservices/library/j-jws13.html?ca=drs-
If you look at the very first wsdl, there is a TransportBinding element
commented as a bug in 2.2.6. With 2.2.7, if you remove that TransportBinding,
not only does it work, but it changes over to the more optimized streaming
version that doesn't involve the WSS4J stuff that involves the SAAJ stuff.
> Extend WS-Security component for higher level containers be able to use
> UsernameToken to authenticate a user and populate SecurityContext
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-2754
> URL: https://issues.apache.org/jira/browse/CXF-2754
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.3, 2.2.8
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 2.3, 2.2.8
>
>
> By default, WSS4JInInterceptor relies on CallbackHandlers to provide or
> validate a password for handling digests and clear-texts respectively.
> Also, the default SecurityContext is partially populated and thus can not be
> used for the authorization decisions.
> Higher level containers should be able to delegate to their own subsystems
> for authenticating a user and populating SecurityContext
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
