[jboss-user] [JBossWS] - WSSE UsernameToken without HTTP basic auth?

Mon, 14 Jan 2008 03:00:04 -0800 

Hi!
I've managed to implement a web service + a client that authenticates with WSSE 
UsernameToken.

My problem is that the client side is always including the HTTP Authorization 
header.
Something like:
Authorization: Basic a2VybWl0OnRoZWZyb2c=

Note, the WSSE data in the SOAP header is also included and looking ok.

How can I keep the client from including the http basic authentication data and 
only include wsse data? Is this possible? What am I missing?

My client is configured with
<config>
  |  <username/>
  |  </config>

I do the following in the client code:
URL securityURL = new File("resources/jboss-wsse-client.xml").toURI().toURL(); 
  | ((StubExt)myServiceStub).setSecurityConfig(securityURL.toExternalForm());
  | ((StubExt)myServiceStub).setConfigName("Standard WSSecurity Client");
  | Map<String, Object> reqContext = bp.getRequestContext();
  | reqContext.put(BindingProvider.USERNAME_PROPERTY, "kermit");
  | reqContext.put(BindingProvider.PASSWORD_PROPERTY, "thefrog");

I guess that the client libraries will pick up the properties set on the 
request ctx and therefore assume that basic auth should be applied?
Is there a way supply the username/pwd info to the WSSecurityDispatcher without 
having the client libraries adding http auth?

I do get everything to work if I add the following to  web.xml on the server 
side
<login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>JBossWS</realm-name>
  |    </login-config>
but I would really like to only use wsse and not http basic authentication.

The following in org/jboss/ws/core/client/RemotingConnectionImpl.java may be 
what is causing the problem together with implementation of the 
createRemotingMetaData method:
static
  |    {
  |       metadataMap.put(Stub.USERNAME_PROPERTY, "http.basic.username");
  |       metadataMap.put(Stub.PASSWORD_PROPERTY, "http.basic.password");
  |       metadataMap.put(BindingProvider.USERNAME_PROPERTY, 
"http.basic.username");
  |       metadataMap.put(BindingProvider.PASSWORD_PROPERTY, 
"http.basic.password");
  |    }

I'm currently using jbossws 2.0.1.GA

/Mikael

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4119564#4119564

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4119564
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to