Sorry for previous post, it was not formatted properly
I'm developing a jbossws server application that must get Username and Password tokens in header in order to invoke another application with those credentials. A sample request made to my application seems like this.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://myapp.com/ws/model"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>name</wsse:Username> <wsse:Password>pass</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <mod:request> <param>a</param> </mod:request> </soapenv:Body> </soapenv:Envelope>
I have read thread
but it does not explain exactly what I need. I can not use login-config.xml to store allowed users, because it could be any, that is, my application does not perform authentication at all. I only need to get username and password values to propagate them.
Maybe with additional information I could provide to you we could find a suitable solution.
Thank you very much!
If you need the principal without authentication, you can either set no security domain for your endpoint or provide a custom security domain that does not authenticate with something like this in the login-config.xml:
<application-policy name = "no-auth"> <authentication> <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module> </authentication> </application-policy>
Then configure jbossws to use ws-security with the username token profile and get the principal in your endpoint implementation.