2 Replies Latest reply on May 22, 2008 1:15 PM by asoldano

    Getting username and password without performing authenticat

      Hi,

      I'm developing a jbossws server application that must get the Username and Password tokens from the header in order to invoke another application with those credentials. A sample request made to my application looks like this:

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://myapp.com/ws/model">
        <soapenv:Header>
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken>
              <wsse:Username>name</wsse:Username>
              <wsse:Password>pass</wsse:Password>
            </wsse:UsernameToken>
          </wsse:Security>
        </soapenv:Header>
        <soapenv:Body>
          <mod:request>
            a
          </mod:request>
        </soapenv:Body>
      </soapenv:Envelope>

      I have read the thread

      http://www.jboss.com/index.html?module=bb&op=viewtopic&t=131719

      but it does not explain exactly what I need. I cannot use login-config.xml to store allowed users, because it could be any, that is, my application does not perform authentication at all. I only need to get username and password values to propagate them.

      Maybe with additional information I could provide to you we could find a suitable solution.

      Thank you very much!

        • 1. Re: Getting username and password without performing authent

          Sorry for previous post, it was not formatted properly

          "bortx" wrote:
          Hi,

          I'm developing a jbossws server application that must get the Username and Password tokens from the header in order to invoke another application with those credentials. A sample request made to my application looks like this:

          
          <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://myapp.com/ws/model">
            <soapenv:Header>
              <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:UsernameToken>
                  <wsse:Username>name</wsse:Username>
                  <wsse:Password>pass</wsse:Password>
                </wsse:UsernameToken>
              </wsse:Security>
            </soapenv:Header>
            <soapenv:Body>
              <mod:request>
                <param>a</param>
              </mod:request>
            </soapenv:Body>
          </soapenv:Envelope>
          


          I have read the thread

          http://www.jboss.com/index.html?module=bb&op=viewtopic&t=131719

          but it does not explain exactly what I need. I cannot use login-config.xml to store allowed users, because it could be any, that is, my application does not perform authentication at all. I only need to get username and password values to propagate them.

          Maybe with additional information I could provide to you we could find a suitable solution.

          Thank you very much!


          • 2. Re: Getting username and password without performing authent
            asoldano

            If you need the principal without authentication, you can either set no security domain for your endpoint or provide a custom security domain that does not authenticate with something like this in the login-config.xml:

            <application-policy name="no-auth">
              <authentication>
                <login-module code="org.jboss.security.ClientLoginModule" flag="required">
                </login-module>
              </authentication>
            </application-policy>
            


            Then configure jbossws to use ws-security with the username token profile and get the principal in your endpoint implementation.
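
A different route to the same values, as an added example that is not from the thread or the JBossWS project: a standard JAX-WS `SOAPHandler` that copies the UsernameToken fields into the message context without any security domain. The class name and property keys are hypothetical, and it assumes the `javax.xml.ws` API and that no JBossWS WS-Security configuration consumes the header first.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example; the class name and the two property keys are hypothetical.
public class UsernameTokenExtractor implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    public static final String USER_KEY = "example.wsse.username";
    public static final String PASS_KEY = "example.wsse.password";
    // Claim wsse:Security so a mustUnderstand="1" header does not cause a fault.
    public Set<QName> getHeaders() {
        return Collections.singleton(new QName(WSSE, "Security"));
    }

    public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            Element header = ctx.getMessage().getSOAPHeader();
            if (header == null) return true;
            NodeList tokens = header.getElementsByTagNameNS(WSSE, "UsernameToken");
            if (tokens.getLength() != 1) return true; // absent or ambiguous: store nothing
            String user = child((Element) tokens.item(0), "Username");
            String pass = child((Element) tokens.item(0), "Password");
            if (user == null || pass == null) return true;
            store(ctx, USER_KEY, user);
            store(ctx, PASS_KEY, pass); // plaintext secret: never log it
        } catch (SOAPException e) {
            throw new IllegalStateException("cannot read SOAP header", e);
        }
        return true;
    }

    private static String child(Element parent, String localName) {
        NodeList n = parent.getElementsByTagNameNS(WSSE, localName);
        return n.getLength() == 1 ? n.item(0).getTextContent() : null;
    }
    // APPLICATION scope exposes the value to the endpoint via WebServiceContext.
    private static void store(SOAPMessageContext ctx, String key, String value) {
        ctx.put(key, value);
        ctx.setScope(key, MessageContext.Scope.APPLICATION);
    }
    public boolean handleFault(SOAPMessageContext ctx) { return true; }
    public void close(MessageContext ctx) { }
}
```

Register it on the endpoint's handler chain and read the two keys from the injected `WebServiceContext`. Treat missing keys as a request that carried no credentials.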