You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@servicemix.apache.org by "Eduardo Burgos (JIRA)" <ji...@apache.org> on 2007/03/23 20:12:34 UTC
[jira] Created: (SM-895) HttpConsumerEndpoint, security issue
HttpConsumerEndpoint, security issue
------------------------------------
Key: SM-895
URL: https://issues.apache.org/activemq/browse/SM-895
Project: ServiceMix
Issue Type: Bug
Components: servicemix-http
Affects Versions: 3.2
Environment: linux, servicemix-3.2-incubating-SNAPSHOT, desktop pc
Reporter: Eduardo Burgos
Priority: Minor
Fix For: 3.2
Attachments: HttpConsumerEndpoint.diff
Hi,
This is regarding HttpConsumerEndpoint class, which is HttpSoapConsumerEndpoint's superclass. I tried to dynamically deploy a HttpSoapConsumerEndpoint into a servicemix-http, it worked very well, but I noticed some different behavior compared to the old HttpEndpoint. If I used HttpEndpoint, every time I log in using http, the underlying NormalizedMessage carries in the securitySubject a Principal that identifies the user, this is not the case with HttpSoapConsumerEndpoint/HttpConsumerEndpoint. Since those new HttpEndpointTypes now use a marshaler (which is by default the DefaultHttpConsumerMarshaler) then Im not sure if this is actually intended. Is it intended that the HttpConsumerEndpoint is left without this security feature so that I have to actually implement it in a new Marshaler?
Attached is a diff file with my solution regarding changes to HttpConsumerEndpoint class
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SM-895) HttpConsumerEndpoint, security issue
Posted by "Guillaume Nodet (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/SM-895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guillaume Nodet resolved SM-895.
--------------------------------
Resolution: Fixed
Assignee: Guillaume Nodet
URL: http://svn.apache.org/viewvc?view=rev&rev=522804
> HttpConsumerEndpoint, security issue
> ------------------------------------
>
> Key: SM-895
> URL: https://issues.apache.org/activemq/browse/SM-895
> Project: ServiceMix
> Issue Type: Bug
> Components: servicemix-http
> Affects Versions: 3.2
> Environment: linux, servicemix-3.2-incubating-SNAPSHOT, desktop pc
> Reporter: Eduardo Burgos
> Assigned To: Guillaume Nodet
> Priority: Minor
> Fix For: 3.2
>
> Attachments: HttpConsumerEndpoint.diff
>
> Original Estimate: 5 minutes
> Remaining Estimate: 5 minutes
>
> Hi,
> This is regarding HttpConsumerEndpoint class, which is HttpSoapConsumerEndpoint's superclass. I tried to dynamically deploy a HttpSoapConsumerEndpoint into a servicemix-http, it worked very well, but I noticed some different behavior compared to the old HttpEndpoint. If I used HttpEndpoint, every time I log in using http, the underlying NormalizedMessage carries in the securitySubject a Principal that identifies the user, this is not the case with HttpSoapConsumerEndpoint/HttpConsumerEndpoint. Since those new HttpEndpointTypes now use a marshaler (which is by default the DefaultHttpConsumerMarshaler) then Im not sure if this is actually intended. Is it intended that the HttpConsumerEndpoint is left without this security feature so that I have to actually implement it in a new Marshaler?
> Attached is a diff file with my solution regarding changes to HttpConsumerEndpoint class
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.