[jira] [Created] (CXF-5660) UsernameTokenInterceptor cannot use subject from WSSecurityEngineResult

Vladimir Kulev (JIRA) Fri, 28 Mar 2014 10:01:01 -0700

Vladimir Kulev created CXF-5660:
-----------------------------------

             Summary: UsernameTokenInterceptor cannot use subject from 
WSSecurityEngineResult
                 Key: CXF-5660
                 URL: https://issues.apache.org/jira/browse/CXF-5660
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.7.10
            Reporter: Vladimir Kulev



When using WS-Security and 
{{org.apache.ws.security.validate.JAASUsernameTokenValidator}}, the later 
populates {{org.apache.ws.security.validate.Credential}} with a 
{{javax.security.auth.Subject}} received from JAAS. It then propagates to 
WSSecurityEngineResult (TAG_SUBJECT). UsernameTokenInterceptor ignores that and 
instead uses {{createSubject}} method, which is always null.

The workaround currently is to force using WSS4JInInterceptor, which precedes 
UsernameTokenInterceptor and handles subject information correctly.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Created] (CXF-5660) UsernameTokenInterceptor cannot use subject from WSSecurityEngineResult

Reply via email to