Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5660

UsernameTokenInterceptor cannot use subject from WSSecurityEngineResult

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      When using WS-Security and org.apache.ws.security.validate.JAASUsernameTokenValidator, the later populates org.apache.ws.security.validate.Credential with a javax.security.auth.Subject received from JAAS. It then propagates to WSSecurityEngineResult (TAG_SUBJECT). UsernameTokenInterceptor ignores that and instead uses createSubject method, which is always null.

      The workaround currently is to force using WSS4JInInterceptor, which precedes UsernameTokenInterceptor and handles subject information correctly.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              lightoze Vladimir Kulev
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: