JBoss ESB / JBESB-2000

Service secured by certificate allows processing of non-secured message

    Details

      Description

      I took the webservice_producer_secure test and removed the binary token from the message to be delivered:
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://webservice_producer/goodbyeworld">
      <soapenv:Body>
      <good:sayGoodbye>
      <message>Goodbye!!</message>
      </good:sayGoodbye>
      </soapenv:Body>
      </soapenv:Envelope>

      I sent the message and I received the following log output:
      2008-09-08 15:57:47,404 INFO [STDOUT] Subject : Subject:
      Principal: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE
      Principal: [groupName=Roles, members=[[roleName=adminRole]]]
      Public Credential:
      X.509 Cert Path: length = 1.
      [
      =========================================================Certificate 1 start.
      [
      [
      Version: V1
      Subject: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE
      Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

      Key: Sun RSA public key, 1024 bits
      modulus: 96394299007685713994561177305073714490667979701493101401287029609141406861260879512426765285612012165595912063457551494088923115022429026678765488144518428272539742307006497380494458284715504722740091896431880919504876830696069111637705579321597763064103918824087523754146266813912176353706311845945277748163
      public exponent: 65537
      Validity: [From: Wed Aug 13 15:25:44 CEST 2008,
      To: Sat Dec 29 14:25:44 CET 2035]
      Issuer: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE
      SerialNumber: [ 48a2e0d8]

      ]
      Algorithm: [MD5withRSA]

      ]
      =========================================================Certificate 1 end.

      ]
      Private Credential: javax.security.auth.x500.X500PrivateCredential@137c653
      2008-09-08 15:57:47,429 INFO [STDOUT] **** SOAPRequest perhaps mediated by ESB:
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://webservice_producer/goodbyeworld">
      <soapenv:Body>
      <good:sayGoodbye>
      <message>Goodbye!!</message>
      </good:sayGoodbye>
      </soapenv:Body>
      </soapenv:Envelope>
      2008-09-08 15:57:47,429 INFO [STDOUT] Web Service Parameter - message=Goodbye!!

      I expect that the message should be rejected because it is not authenticated.
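
The check the report expects, as an added example (not part of the original report and not JBoss ESB code): a fail-closed gate that rejects a SOAP 1.1 envelope unless its Header carries a wsse:Security element with a BinarySecurityToken. The function name, the X509v3 ValueType requirement and the token bytes are assumptions; a present token is only the first step, and the certificate itself must still be validated.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# Assumption: the service expects an X.509 v3 token (WSS X.509 Token Profile 1.0).
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"


def check_binary_token(envelope):
    """Return (accepted, reason); anything unexpected is rejected (fail closed)."""
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError:
        return False, "unparsable envelope"
    if root.tag != f"{{{SOAP}}}Envelope":
        return False, "not a SOAP 1.1 envelope"
    # find() matches direct children only, so a token placed in the Body is ignored.
    header = root.find(f"{{{SOAP}}}Header")
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if security is None:
        return False, "no wsse:Security header"
    tokens = [t for t in security.findall(f"{{{WSSE}}}BinarySecurityToken")
              if t.get("ValueType") == X509V3]
    if not tokens:
        return False, "no X509v3 BinarySecurityToken"
    try:
        der = base64.b64decode("".join((tokens[0].text or "").split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "token is not valid base64"
    if not der:
        return False, "empty token"
    return True, "token present; certificate must still be validated"


BODY = ('<soapenv:Body><good:sayGoodbye><message>Goodbye!!</message>'
        '</good:sayGoodbye></soapenv:Body>')
OPEN = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}" '
        'xmlns:good="http://webservice_producer/goodbyeworld">')
STRIPPED = OPEN + BODY + '</soapenv:Envelope>'  # the report's message: no Header, no token
# Constructed counterpart; the token bytes are a placeholder, not a real certificate.
TOKEN = base64.b64encode(b"constructed placeholder").decode()
WITH_TOKEN = (OPEN + f'<soapenv:Header><wsse:Security xmlns:wsse="{WSSE}">'
              f'<wsse:BinarySecurityToken ValueType="{X509V3}">{TOKEN}'
              '</wsse:BinarySecurityToken></wsse:Security></soapenv:Header>'
              + BODY + '</soapenv:Envelope>')

if __name__ == "__main__":
    print(check_binary_token(STRIPPED), check_binary_token(WITH_TOKEN))
```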

                People

                • Assignee:
                  beve Daniel Bevenius
                  Reporter:
                  jpechanec Jiri Pechanec