780058 – (SOA-2423) SOAPProxy does not support access of unauthenticated clients to authenticated proxied service

Bug 780058 (SOA-2423) - SOAPProxy does not support access of unauthenticated clients to authenticated proxied service

Summary: SOAPProxy does not support access of unauthenticated clients to authenticated...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	SOA-2423
Product:	JBoss Enterprise SOA Platform 5
Classification:	JBoss
Component:	JBossESB
Sub Component:
Version:	5.1.0.ER2
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	5.1.0 GA
Assignee:	Kevin Conner
QA Contact:
Docs Contact:
URL:	http://jira.jboss.org/jira/browse/SOA...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-10-14 10:19 UTC by Jiri Pechanec
Modified:	2011-02-15 08:29 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-02-15 08:29:19 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
wsp.zip (19.60 KB, application/zip) 2010-10-14 10:23 UTC, Jiri Pechanec	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	SOA-2423	0	None	None	None	Never

Description Jiri Pechanec 2010-10-14 10:19:17 UTC

project_key: SOA

If there are static authentication information stored for SOAPProxy like
auth-username=kermit
auth-password=thefrog

and the SOAPProxy service contains configuration option
<property name="clientCredentialsRequired" value="false" />

Then the client should be able to invoke the service without authentication but now 
HTTP/1.1 401 Unauthorized[\r][\n]

is received.

This scenario worked for 5.0.2

Comment 1 Jiri Pechanec 2010-10-14 10:23:09 UTC

Attachment: Added: wsp.zip

Comment 2 Kevin Conner 2010-10-22 12:18:39 UTC

Link: Added: This issue depends JBESB-3519

Comment 3 Kevin Conner 2010-10-22 12:21:27 UTC

It is not SOAPProxy but, rather, the http gateway which is restricting access.

Comment 4 Laura Bailey 2010-12-17 00:41:22 UTC

Writer: Added: Darrin

Comment 5 Laura Bailey 2010-12-17 00:48:01 UTC

Release Notes Docs Status: Added: Not Yet Documented

Comment 7 Jiri Pechanec 2011-01-11 10:50:33 UTC

Verified in ER6

Comment 8 Laura Bailey 2011-02-15 08:28:01 UTC

Reopening to add release note information. Will set back to Closed -> Done shortly.

Comment 9 Laura Bailey 2011-02-15 08:29:19 UTC

Setting back to Closed -> Done after adding release note details.

Comment 10 Laura Bailey 2011-02-15 08:29:19 UTC

Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: If authentication information was stored for SOAPProxy, clients without authentication information could not invoke the service, even when the clientCredentialsRequired property was set to false. Authentication is no longer required when this property is false, even if authentication information is stored.

Note You need to log in before you can comment on or make changes to this bug.