On Wed, Sep 5, 2012 at 9:07 PM, Prabath Siriwardena <prab...@wso2.com> wrote:

> IIRC current implementation cannot handle the scenario - where a SOAP
> Message comes with an Authorization HTTP header... - which is something we
> need to fix...
>
> So, the correct behavior would be - if it is SOAP (expects UT - we applied
> UT) we need to return a SOAP fault - or else send the basic auth challenge..
>

if(soap & no sec header) send SOAP fault

if(rest & no basic auth headers) send challenge

Is that what you are saying?

Currently we are seeing:

if(soap & no sec header) send challenge

That is wrong, isn't it?


>
> Thanks & regards,
> -Prabath
>
> On Wed, Sep 5, 2012 at 8:52 PM, Afkham Azeez <az...@wso2.com> wrote:
>
>> I think there is a problem in the way
>> https://wso2.org/jira/browse/CARBONROADMAP-31 has been implemented.
>>
>> I think the requirement is, if a service has been secured using UT
>> policy, the client has two options:
>> 1. Send credentials using basic auth HTTP headers
>> 2. Send credentials using SOAP headers
>>
>> The POXSecurityHandler properly handles those two from the looks of it.
>>
>> However, if the client sends a SOAP message, without the basic auth HTTP
>> headers & without SOAP headers, the current implementation of
>> the POXSecurityHandler sends a basic auth challenge, and not a SOAP fault,
>> which I consider is wrong.
>>
>> Thoughts?
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> email: az...@wso2.com cell: +94 77 3320919
>> blog: http://blog.afkham.org
>> twitter: http://twitter.com/afkham_azeez
>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>> *Lean . Enterprise . Middleware*
>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
>


-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez
*Lean . Enterprise . Middleware*
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
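
The response selection discussed in this thread, as an added example that is not part of the original messages and is not the POXSecurityHandler code: it classifies a request as SOAP or plain XML/REST and picks between authenticating, returning a SOAP fault, and sending a basic auth challenge. The class, method and enum names, the sample bodies, and the precedence given to a UsernameToken when an Authorization header is also present are assumptions.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class UtAuthDecision { // hypothetical name, not the project's handler
    enum Action { AUTH_BASIC, AUTH_SOAP_UT, SOAP_FAULT, BASIC_CHALLENGE }
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String SOAP12 = "http://www.w3.org/2003/05/soap-envelope";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Parse with DOCTYPE rejected: SOAP messages must not carry a DTD, and this also blocks XXE.
    static Document parse(String body) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            return f.newDocumentBuilder().parse(new InputSource(new StringReader(body)));
        } catch (Exception e) { return null; } // not well-formed XML: treated as non-SOAP
    }

    // True only for a wsse:UsernameToken inside a wsse:Security block that sits under a Header.
    static boolean hasUsernameToken(Document doc) {
        NodeList sec = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < sec.getLength(); i++) {
            Element e = (Element) sec.item(i);
            if ("Header".equals(e.getParentNode().getLocalName())
                    && e.getElementsByTagNameNS(WSSE, "UsernameToken").getLength() > 0) return true;
        }
        return false;
    }

    static Action decide(String authorization, String body) {
        Document doc = body == null ? null : parse(body);
        Element root = doc == null ? null : doc.getDocumentElement();
        boolean soap = root != null && "Envelope".equals(root.getLocalName())
            && (SOAP11.equals(root.getNamespaceURI()) || SOAP12.equals(root.getNamespaceURI()));
        boolean basic = authorization != null
            && authorization.regionMatches(true, 0, "Basic ", 0, 6);
        if (soap && hasUsernameToken(doc)) return Action.AUTH_SOAP_UT; // credentials in SOAP headers
        if (basic) return Action.AUTH_BASIC;                           // credentials in HTTP headers
        return soap ? Action.SOAP_FAULT : Action.BASIC_CHALLENGE;      // fault for SOAP, 401 otherwise
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a SOAP 1.1 envelope with no security header, and a plain XML body.
        String env = "<s:Envelope xmlns:s='" + SOAP11 + "'><s:Body/></s:Envelope>";
        System.out.println(decide(null, env) + " " + decide(null, "<getQuote/>"));
    }
}
```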
