[
https://issues.apache.org/jira/browse/CXF-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022119#comment-13022119
]
Glen Mazza commented on CXF-3462:
---------------------------------
What are the benefits of having an STS validate BasicAuth info? Is this for
Token issuance (i.e., after validating via Basic Auth the STS will generate a
token to the client) or just pure validation ("Yup. That username/password
combo is good.") without a token being generated? If the former, I think
WS-Trust would require upgrading to UsernameToken (not just basic auth), and
there may be legitimate security reasons for that. If the latter, that would
seem to be outside the scope of the STS (there's normally service-side callback
handlers that can be used for that type of validation.)
> Provide CXF interceptor making it easy to use STS for validating BasicAuth
> info
> -------------------------------------------------------------------------------
>
> Key: CXF-3462
> URL: https://issues.apache.org/jira/browse/CXF-3462
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Sergey Beryozkin
> Fix For: 2.4.1
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
