cxf-issues mailing list archives

From "Glen Mazza (JIRA)" <>
Subject [jira] Commented: (CXF-2873) Add authentication support (via HTTP basic authentication)
Date Sun, 04 Jul 2010 20:12:49 GMT


Glen Mazza commented on CXF-2873:

This is the method you're referring to, Sergey, that Tomasz should implement, correct?

I would guess *only* digest authentication should be allowed and not the basic auth (
because of the potential sensitivity of the SOAP request messages being viewed by the log

However, I don't see how supporting username/token as an additional method can provide additional
security, as you're just creating another door into the system with a potentially unsecure
(buggy) lock.  Username/Token also requires nonces and timestamp restraints (and the digest
based on the same[1]) that AFAIK aren't even handled with CXF's basic SOAP usernameToken/password


> Add authentication support (via HTTP basic authentication)
> ----------------------------------------------------------
>                 Key: CXF-2873
>                 URL:
>             Project: CXF
>          Issue Type: Sub-task
>            Reporter: Tomasz Oponowicz

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
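
The nonce, timestamp and digest checks that the comment says UsernameToken authentication requires, sketched as an added example (not code from CXF or from the message's author). The digest formula is the one in the OASIS WSS UsernameToken profile; the function names, the 5-minute window and the in-memory nonce cache are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumed freshness window
SEEN_NONCES = {}                 # nonce bytes -> expiry; assumed in-memory replay cache


def password_digest(nonce, created, password):
    """Base64(SHA-1(nonce + created + password)), per the WSS UsernameToken profile."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def verify_username_token(nonce_b64, created, digest_b64, password, now=None):
    """Return 'ok' or the reason the token is rejected."""
    now = now or datetime.now(timezone.utc)
    try:
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # Key the cache on decoded bytes so re-encoding a nonce cannot dodge it.
        nonce = base64.b64decode(nonce_b64, validate=True)
    except ValueError:
        return "malformed"
    if abs(now - ts) > MAX_SKEW:
        return "stale"
    # Drop cache entries whose timestamp can no longer pass the freshness check.
    for old, expiry in list(SEEN_NONCES.items()):
        if expiry < now:
            del SEEN_NONCES[old]
    if nonce in SEEN_NONCES:
        return "replay"
    expected = password_digest(nonce, created, password)
    if not hmac.compare_digest(expected.encode(), digest_b64.encode()):
        return "bad-digest"
    # Remember the nonce only for as long as its timestamp stays acceptable.
    SEEN_NONCES[nonce] = ts + MAX_SKEW
    return "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    now = datetime(2010, 7, 4, 20, 12, 49, tzinfo=timezone.utc)
    created = "2010-07-04T20:12:00Z"
    nonce_b64 = base64.b64encode(b"constructed-nonce-1").decode()
    digest = password_digest(b"constructed-nonce-1", created, "s3cret")
    print(verify_username_token(nonce_b64, created, digest, "s3cret", now))  # first use
    print(verify_username_token(nonce_b64, created, digest, "s3cret", now))  # replayed
```

The freshness window bounds how long a nonce has to be remembered, which is why the two checks are specified together.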