Tuscany
  1. Tuscany
  2. TUSCANY-2949

helloworld-ws-service-secure problem with security

    Details

      Description

      Sample helloworld-ws-service-secure, web service /HelloWorldService. With correct SOAP all fine, for example

      POST http://192.168.9.64:8085/HelloWorldService HTTP/1.1
      Content-Type: text/xml;charset=UTF-8
      SOAPAction: "urn:getGreetings"
      User-Agent: Jakarta Commons-HttpClient/3.1
      Host: 192.168.9.64:8085
      Content-Length: 1017

      <soapenv:Envelope xmlns:hel="http://helloworld" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-1186583" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:Username>TuscanyWsUser</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TuscanyWsUserPasswd</wsse:Password>
      <wsse:Nonce>0RkNrWgskQNCqGp1PMqwmw==</wsse:Nonce>
      <wsu:Created>2009-03-27T13:00:24.548Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      </soapenv:Header>
      <soapenv:Body>
      <hel:getGreetings>
      <hel:name>good security</hel:name>
      </hel:getGreetings>
      </soapenv:Body>
      </soapenv:Envelope>

      but with handwrited SOAP (below) Tuscany dont call ServerPWCBHandler but successfully call getGreetings. How to prevent call getGreetings without authentication?

      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <SOAP-ENV:Header>
      <ns1:Security xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <Username>SOA</Username>
      <Password>SOA</Password>
      </ns1:Security>
      </SOAP-ENV:Header>
      <SOAP-ENV:Body>
      <ns0:getGreetings xmlns:ns0="http://helloworld">
      <ns0:name>bad security</ns0:name>
      </ns0:getGreetings>
      </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>

        Activity

        ant elder made changes -
        Component/s SCA Java Runtime [ 12313754 ]
        Component/s Java SCA Embedded Runtime [ 12311645 ]
        ant elder made changes -
        Field Original Value New Value
        Fix Version/s Java-SCA-Next [ 12312358 ]
        Fix Version/s Java-SCA-1.5 [ 12313684 ]
        OlegSmith created issue -

          People

          • Assignee:
            Unassigned
            Reporter:
            OlegSmith
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Development