Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-14048

API Client Connector form doesn't validate security fields

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • fuse-7.8-GA
    • fuse-7.8-GA
    • Fuse Online
    • None
    • % %
    • build2
    • Hide
      1. From the API Client Connector wizard, upload one of the WSDL files provided in this issue, or any you have on hand.
      2. In the Security step, select 'Basic Auth' or 'WS Security' if available.
      3. See required fields, but the Next button is enabled regardless, and allows you to continue.

       

      Show
      From the API Client Connector wizard, upload one of the WSDL files provided in this issue, or any you have on hand. In the Security step, select 'Basic Auth' or 'WS Security' if available. See required fields, but the Next button is enabled regardless, and allows you to continue.  

    Description

      At the moment the API client connector wizard is not validating forms properly, specifically in the security step.

      For reference, here are the requirements for the security types for the SOAP connector.

       

      SOAP security type relationships:

      Authentication Type -
      1. None - nothing else to display
        2. HTTP Basic Authentication -
          2.1 Username
          2.2 Password
      3. WS-Security Username Token -
        3.1 Username
        3.2 Password Type -
          3.2.1 None - don't show Password field
          3.2.2 Text
          3.2.3 Digest
        3.2 Password - only if type is not none
        3.3 Timestamp
        3.4 Username Token Nonce
        3.5 Username Token Created

      WS-Security (SOAP):

      • We have to force the user to enter something in `username` for ws-security, but because of the other relationships in the security types, it's optional at the component level (in terms of the API).
      • `password` is also the same way for ws-security, it becomes required if `passwordType` is not none
      • when the `passwordType` is set to `PasswordDigest`, the user must enter a `password`, which the backend uses to compute a digest at integration run time

      Attachments

        Activity

          People

            ryordan@redhat.com Rachel Yordán
            ryordan@redhat.com Rachel Yordán
            Matej Kralik Matej Kralik
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: