Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-2932

Support for HTTP Digest authentication, when acting as a client to an external web service


    • Type: Feature Request
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: jbossws-cxf-3.2.1, jbossws-native-3.2.1, jbossws-metro-3.2.1
    • Fix Version/s: jbossws-cxf-4.1.0.Final
    • Component/s: jbossws-cxf
    • Labels:


      Please implement HTTP Digest Authentication when acting as a client to an external web service. I don't mean using WS-Security, just using HTTP authentication in a similar that Basic Authentication is used - using JAX-WS code similar to this:

      String url = configuration.getString(CONFIG_URL);
      BindingProvider provider = (BindingProvider)requestInvoker;
      provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username);
      provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);

      This code works if run as a standalone java client (probably because Metro supports it). However it doesn't work with JBossWS:

      • Native implementation simply doesn't work at all
      • Metro implementation has classloading issues when web service calls are made (to do with WS-Addressing I think, I've seen other posts about it).
      • CXF has the same issues as Metro

      Given from my reading that the WS-Security work supports Digest authentication, it doesn't seem a difficult task. I'd suggest one of two ways to fix it:
      1. Implement it in JBossWS native, OR
      2. Fix the classloading issues in Metro and/or CXF so those stacks can be used (given they already support it).

        Gliffy Diagrams




              • Assignee:
                jim.ma Jim Ma
                hirowla Ian Ian
              • Votes:
                1 Vote for this issue
                4 Start watching this issue


                • Created: