- Bug
- Resolution: Unresolved
- Blocker
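When webservice endpoint security is authenticated with a custom Realm and a RealmIdentity which always returns a null PasswordCredential, like:

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Set;

import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;

public class SampleRealmIdentity implements RealmIdentity {
    private final Principal principal;
    private final String password;
    private final Set<String> roles;

    public SampleRealmIdentity(Principal principal, String password, Set<String> roles) {
        this.principal = principal;
        this.password = password;
        this.roles = roles;
    }

    // ... (elided in the report)

    @Override
    public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
        // do not return credentials
        return null;
    }

    @Override
    public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
        // The realm checks the password guess itself instead of exposing the stored password
        if (evidence instanceof PasswordGuessEvidence) {
            PasswordGuessEvidence guess = (PasswordGuessEvidence) evidence;
            return Arrays.equals(password.toCharArray(), guess.getGuess());
        }
        return false;
    }

    // ... (elided in the report)

    @Override
    public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
        return AuthorizationIdentity.basicIdentity(getAttributes());
    }
}
```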
Authentication always fails, as the SubjectCreator expects a null value PasswordCredential.
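For a realm like the one above, which verifies evidence itself and never hands out a credential, a caller can authenticate through Elytron's evidence-verification API without reading a PasswordCredential. The sketch below is an added example, not the JBossWS SubjectCreator code and not the fix for this issue; the class name `EvidenceLogin`, the method `login`, and the assumption that `domain` is a SecurityDomain backed by the custom realm are all hypothetical.

```java
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.evidence.PasswordGuessEvidence;

// Hypothetical helper (not part of JBossWS or Elytron).
public final class EvidenceLogin {

    private EvidenceLogin() {
    }

    /**
     * Authenticates user/guess against the given domain by delegating the
     * password check to RealmIdentity.verifyEvidence(). getCredential() is
     * never called, so a realm that returns null credentials still works.
     *
     * @return the authorized identity, or null when the guess is rejected
     *         or the identity is not allowed to log in
     */
    public static SecurityIdentity login(SecurityDomain domain, String user, char[] guess)
            throws RealmUnavailableException {
        PasswordGuessEvidence evidence = new PasswordGuessEvidence(guess);
        ServerAuthenticationContext ctx = domain.createNewAuthenticationContext();
        try {
            // Resolves the RealmIdentity for this name in the domain's realm.
            ctx.setAuthenticationName(user);

            // verifyEvidence() calls the realm identity's verifyEvidence();
            // authorize() then applies the domain's login permission check.
            if (ctx.verifyEvidence(evidence) && ctx.authorize()) {
                ctx.succeed();
                return ctx.getAuthorizedIdentity();
            }

            // Wrong password, unknown user, or login not permitted.
            ctx.fail();
            return null;
        } finally {
            // Wipe the guessed password from memory once it has been used.
            evidence.destroy();
        }
    }
}
```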
- clones: JBEAP-28985 [GSS](8.0.z) JBWS-4438 - Authentication always failed when the webservice security is configured with a custom realm (Resolved)