Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-4189

SY is not allowing use of user-provided security domain (in spite of SWITCHYARD-2130)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • jboss-fuse-6.2.1
    • jboss-fuse-6.2.1
    • SwitchYard
    • None
    • % %
    • Hide

      1. Make a SwitchYard application that has a SOAP reference. Add an interceptor. (see sample configuration below).
      2. Using a debugger or println, examine state of the interceptor as it executes. We will find that:
      SwitchYardSecurityDomainContext has a
      SecurityDomainContextAdapter that has a
      SecurityDomainContext that has a
      JBossMappingManager that has a security domain of 'other' (even though switchyard.xml specifies some other security domain).

      See attached screenshot for debugger view.

      Interceptor example can be found in 'SubjectCreatingInterceptor' as described at https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization.

      Interceptor configuration:

      <sca:service name="SomeWS" promote="Route/SomeWS-Eingang">
      <sca:interface.wsdl interface="SomeWSService.wsdl#wsdl.porttype(SomeWS)"/>
      <soap:binding.soap name="SomeWS-Eingang-SOAPBinding">
      [...]
      <soap:inInterceptors>
      <soap:interceptor class="customer.framework.ws.server.security.saml.SubjectCreatingSAMLPolicyInterceptor"/>
      </soap:inInterceptors>
      [...]
      </soap:binding.soap>
      </sca:service>

      Show
      1. Make a SwitchYard application that has a SOAP reference. Add an interceptor. (see sample configuration below). 2. Using a debugger or println, examine state of the interceptor as it executes. We will find that: SwitchYardSecurityDomainContext has a SecurityDomainContextAdapter that has a SecurityDomainContext that has a JBossMappingManager that has a security domain of 'other' (even though switchyard.xml specifies some other security domain). See attached screenshot for debugger view. Interceptor example can be found in 'SubjectCreatingInterceptor' as described at https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization . Interceptor configuration: <sca:service name="SomeWS" promote="Route/SomeWS-Eingang"> <sca:interface.wsdl interface="SomeWSService.wsdl#wsdl.porttype(SomeWS)"/> <soap:binding.soap name="SomeWS-Eingang-SOAPBinding"> [...] <soap:inInterceptors> <soap:interceptor class="customer.framework.ws.server.security.saml.SubjectCreatingSAMLPolicyInterceptor"/> </soap:inInterceptors> [...] </soap:binding.soap> </sca:service>

    Description

      We have a customer that is trying to make use of a user-specified security domain. This functionality is well-documented and should be available.

      The issue has been reported on a community tracker [1], it was supposed to have been fixed with SwitchYard 2.0. But our customer is reporting the same issue with their pre-release version of Fuse 6.2.1, which should have a fixed SY included.

      The customer case is especially important, they have been in prolonged discussions with both GSS and PM (Keith).

      [1] https://issues.jboss.org/browse/SWITCHYARD-2130

      Attachments

        Activity

          People

            Unassigned Unassigned
            rhn-support-rick Rick Wagner
            Stefan Veres Stefan Veres
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: