[
https://issues.apache.org/jira/browse/CXF-5660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-5660.
--------------------------------------
Resolution: Fixed
> UsernameTokenInterceptor cannot use subject from WSSecurityEngineResult
> -----------------------------------------------------------------------
>
> Key: CXF-5660
> URL: https://issues.apache.org/jira/browse/CXF-5660
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.10
> Reporter: Vladimir Kulev
> Assignee: Colm O hEigeartaigh
> Labels: JAAS, ws-security
> Fix For: 3.0.0, 2.7.11
>
>
> When using WS-Security and
> {{org.apache.ws.security.validate.JAASUsernameTokenValidator}}, the later
> populates {{org.apache.ws.security.validate.Credential}} with a
> {{javax.security.auth.Subject}} received from JAAS. It then propagates to
> WSSecurityEngineResult (TAG_SUBJECT). UsernameTokenInterceptor ignores that
> and instead uses {{createSubject}} method, which is always null.
> The workaround currently is to force using WSS4JInInterceptor, which precedes
> UsernameTokenInterceptor and handles subject information correctly.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
