-
Bug
-
Resolution: Done
-
Major
-
None
-
False
-
None
-
False
-
-
-
-
-
-
-
When the webservice endpoint security is authenticated with a custom Realm and RealmIdentity which always returns null PasswordCredential like :
public class SampleRealmIdentity implements RealmIdentity { private final Principal principal; private final String password; private final Set<String> roles; public SampleRealmIdentity(Principal principal, String password, Set<String> roles) { this.principal = principal; this.password = password; this.roles = roles; } ... @Override public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException { // do not return credentials return null; } @Override public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException { if (evidence instanceof PasswordGuessEvidence) { PasswordGuessEvidence guess = (PasswordGuessEvidence) evidence; return Arrays.equals(password.toCharArray(), guess.getGuess()); } return false; } ... } @Override public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException { return AuthorizationIdentity.basicIdentity(getAttributes()); } }
The authentication is always failed as the SubjectCreator expects a null value PasswordCredential.
- clones
-
-
- Open
-
-
-
- Pull Request Sent
-
- is cloned by
-
-
- New
-
- is incorporated by
-
JBEAP-28992 (8.0.z) Upgrade JBossWS-CXF from 7.3.1.Final-redhat-00001 to 7.3.2.Final-redhat-00001
-
- New
-
