cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2754) Extend WS-Security component for higher level containers be able to use UsernameToken to authenticate a user and populate SecurityContext
Date Tue, 06 Apr 2010 17:13:33 GMT

    [ https://issues.apache.org/jira/browse/CXF-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854068#action_12854068
] 

Daniel Kulp commented on CXF-2754:
----------------------------------


I don't think I added a real test.    I was working with Dennis Sosnoski for his latest article:

http://www.ibm.com/developerworks/webservices/library/j-jws13.html?ca=drs-

If you look at the very first wsdl, there is a TransportBinding element commented as a bug
in 2.2.6.   With 2.2.7, if you remove that TransportBinding, not only does it work, but it
changes over to the more optimized streaming version that doesn't involve the WSS4J stuff
that involves the SAAJ stuff.



> Extend WS-Security component for higher level containers be able to use UsernameToken
 to authenticate a user and populate SecurityContext  
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2754
>                 URL: https://issues.apache.org/jira/browse/CXF-2754
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 2.3, 2.2.8
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 2.3, 2.2.8
>
>
> By default, WSS4JInInterceptor relies on CallbackHandlers to provide or validate a password
for handling digests and clear-texts respectively.
> Also, the default SecurityContext is partially populated and thus can not be used for
the authorization decisions.
> Higher level containers should be able to delegate to their own subsystems for authenticating
a user and populating SecurityContext

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message