Bug 780058 - (SOA-2423) SOAPProxy does not support access of unauthenticated clients to authenticated proxied service
SOAPProxy does not support access of unauthenticated clients to authenticated...
Product: JBoss Enterprise SOA Platform 5
Classification: JBoss
Component: JBossESB (Show other bugs)
Unspecified Unspecified
high Severity high
: ---
: 5.1.0 GA
Assigned To: Kevin Conner
: Regression
Depends On:
  Show dependency treegraph
Reported: 2010-10-14 06:19 EDT by Jiri Pechanec
Modified: 2011-02-15 03:29 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-02-15 03:29:19 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
wsp.zip (19.60 KB, application/zip)
2010-10-14 06:23 EDT, Jiri Pechanec
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SOA-2423 None None None Never

  None (edit)
Description Jiri Pechanec 2010-10-14 06:19:17 EDT
project_key: SOA

If there are static authentication information stored for SOAPProxy like

and the SOAPProxy service contains configuration option
<property name="clientCredentialsRequired" value="false" />

Then the client should be able to invoke the service without authentication but now 
HTTP/1.1 401 Unauthorized[\r][\n]

is received.

This scenario worked for 5.0.2
Comment 1 Jiri Pechanec 2010-10-14 06:23:09 EDT
Attachment: Added: wsp.zip
Comment 2 Kevin Conner 2010-10-22 08:18:39 EDT
Link: Added: This issue depends JBESB-3519
Comment 3 Kevin Conner 2010-10-22 08:21:27 EDT
It is not SOAPProxy but, rather, the http gateway which is restricting access.
Comment 4 Laura Bailey 2010-12-16 19:41:22 EST
Writer: Added: Darrin
Comment 5 Laura Bailey 2010-12-16 19:48:01 EST
Release Notes Docs Status: Added: Not Yet Documented
Comment 7 Jiri Pechanec 2011-01-11 05:50:33 EST
Verified in ER6
Comment 8 Laura Bailey 2011-02-15 03:28:01 EST
Reopening to add release note information. Will set back to Closed -> Done shortly.
Comment 9 Laura Bailey 2011-02-15 03:29:19 EST
Setting back to Closed -> Done after adding release note details.
Comment 10 Laura Bailey 2011-02-15 03:29:19 EST
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: If authentication information was stored for SOAPProxy, clients without authentication information could not invoke the service, even when the clientCredentialsRequired property was set to false. Authentication is no longer required when this property is false, even if authentication information is stored.

Note You need to log in before you can comment on or make changes to this bug.