Hi!

Thank you for the answer.
I have more questions though:

You are saying that:
"The Username token sent in the SOAP Message is the one used by the endpoint 
server/stack to authenticate the user who is performing this request."
Good, this is what I want, I want the user to be authenticated based on the 
UsernameToken.

However, I do not want to secure the servlet as such on http level. I do not 
want to use http basic authentication in addition to the UsernameToken.

As you can see in my previous posts I've been trying to set this up without 
success. As soon as I remove the HTTP basic auth authentication I can no 
longer retrieve the principal information using the standard API. I can see that 
the WSEE data is parsed because I can get the principal info using: 
org.jboss.security.SecurityAssociation.getPrincipal() but no authentication 
seems to take place. 

Do you have any examples of UsernameToken without http basic auth where the 
user is authenticated based on the UsernameToken data? The example under 
/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity will be using http 
basic auth since it is default. Will this example work if http basic auth is 
removed?

Their implementation of the server is simply doing:

    Principal principal = wsCtx.getUserPrincipal();
    log.info("getUsernameToken: " + principal);
    return principal.toString();

But will this really work if http basic auth is not enabled?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120370#4120370
