1 Reply Latest reply on Oct 9, 2007 9:58 AM by Jason Greene

    BASIC auth and WS-Security

    Thomas Diesler Master

      It seems that we use the standard jaxrpc/jaxws properties as WSSE username token

       if (opConfig.getUsername() != null)
       {
       Object user = ctx.get(Stub.USERNAME_PROPERTY);
       Object pass = ctx.get(Stub.PASSWORD_PROPERTY);
      
       if (user == null && pass == null)
       {
       user = ctx.get(BindingProvider.USERNAME_PROPERTY);
       pass = ctx.get(BindingProvider.PASSWORD_PROPERTY);
       }
      
       if (user != null && pass != null)
       {
       operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null));
       ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
       }
       }
      


      The side effect is that the wsse username token will always be sent via BASIC auth.

      Is this by design? I thought the wsse username token is independent of transport security.