Bug 780058 (SOA-2423)

Summary: SOAPProxy does not support access of unauthenticated clients to authenticated proxied service
Product: [JBoss] JBoss Enterprise SOA Platform 5 Reporter: Jiri Pechanec <jpechane>
Component: JBossESBAssignee: Kevin Conner <kevin.conner>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.1.0.ER2Keywords: Regression
Target Milestone: ---   
Target Release: 5.1.0 GA   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-2423
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-02-15 08:29:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
wsp.zip none

Description Jiri Pechanec 2010-10-14 10:19:17 UTC 
project_key: SOA

If there are static authentication information stored for SOAPProxy like
auth-username=kermit
auth-password=thefrog

and the SOAPProxy service contains configuration option
<property name="clientCredentialsRequired" value="false" />

Then the client should be able to invoke the service without authentication but now 
HTTP/1.1 401 Unauthorized[\r][\n]

is received.

This scenario worked for 5.0.2
Comment 1 Jiri Pechanec 2010-10-14 10:23:09 UTC 
Attachment: Added: wsp.zip
Comment 2 Kevin Conner 2010-10-22 12:18:39 UTC 
Link: Added: This issue depends JBESB-3519
Comment 3 Kevin Conner 2010-10-22 12:21:27 UTC 
It is not SOAPProxy but, rather, the http gateway which is restricting access.
Comment 4 Laura Bailey 2010-12-17 00:41:22 UTC 
Writer: Added: Darrin
Comment 5 Laura Bailey 2010-12-17 00:48:01 UTC 
Release Notes Docs Status: Added: Not Yet Documented
Comment 7 Jiri Pechanec 2011-01-11 10:50:33 UTC 
Verified in ER6
Comment 8 Laura Bailey 2011-02-15 08:28:01 UTC 
Reopening to add release note information. Will set back to Closed -> Done shortly.
Comment 9 Laura Bailey 2011-02-15 08:29:19 UTC 
Setting back to Closed -> Done after adding release note details.
Comment 10 Laura Bailey 2011-02-15 08:29:19 UTC 
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: If authentication information was stored for SOAPProxy, clients without authentication information could not invoke the service, even when the clientCredentialsRequired property was set to false. Authentication is no longer required when this property is false, even if authentication information is stored.