Bug 780058 - (SOA-2423) SOAPProxy does not support access of unauthenticated clients to authenticated proxied service
SOAPProxy does not support access of unauthenticated clients to authenticated...
Status: CLOSED NEXTRELEASE
Product: JBoss Enterprise SOA Platform 5
Classification: JBoss
Component: JBossESB (Show other bugs)
5.1.0.ER2
Unspecified Unspecified
high Severity high
: ---
: 5.1.0 GA
Assigned To: Kevin Conner
http://jira.jboss.org/jira/browse/SOA...
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-14 06:19 EDT by Jiri Pechanec
Modified: 2011-02-15 03:29 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-02-15 03:29:19 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
wsp.zip (19.60 KB, application/zip)
2010-10-14 06:23 EDT, Jiri Pechanec
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SOA-2423 None None None Never

  None (edit)
Description Jiri Pechanec 2010-10-14 06:19:17 EDT
project_key: SOA

If there are static authentication information stored for SOAPProxy like
auth-username=kermit
auth-password=thefrog

and the SOAPProxy service contains configuration option
<property name="clientCredentialsRequired" value="false" />

Then the client should be able to invoke the service without authentication but now 
HTTP/1.1 401 Unauthorized[\r][\n]

is received.

This scenario worked for 5.0.2
Comment 1 Jiri Pechanec 2010-10-14 06:23:09 EDT
Attachment: Added: wsp.zip
Comment 2 Kevin Conner 2010-10-22 08:18:39 EDT
Link: Added: This issue depends JBESB-3519
Comment 3 Kevin Conner 2010-10-22 08:21:27 EDT
It is not SOAPProxy but, rather, the http gateway which is restricting access.
Comment 4 Laura Bailey 2010-12-16 19:41:22 EST
Writer: Added: Darrin
Comment 5 Laura Bailey 2010-12-16 19:48:01 EST
Release Notes Docs Status: Added: Not Yet Documented
Comment 7 Jiri Pechanec 2011-01-11 05:50:33 EST
Verified in ER6
Comment 8 Laura Bailey 2011-02-15 03:28:01 EST
Reopening to add release note information. Will set back to Closed -> Done shortly.
Comment 9 Laura Bailey 2011-02-15 03:29:19 EST
Setting back to Closed -> Done after adding release note details.
Comment 10 Laura Bailey 2011-02-15 03:29:19 EST
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: If authentication information was stored for SOAPProxy, clients without authentication information could not invoke the service, even when the clientCredentialsRequired property was set to false. Authentication is no longer required when this property is false, even if authentication information is stored.

Note You need to log in before you can comment on or make changes to this bug.