[SOA-2423] SOAPProxy does not support access of unauthenticated clients to authenticated proxied service - JBoss Issue Tracker

XML

Word

Printable

Affects Testing:

Regression
Release Notes Text:

Hide
If authentication information was stored for SOAPProxy, clients without authentication information could not invoke the service, even when the clientCredentialsRequired property was set to false. Authentication is no longer required when this property is false, even if authentication information is stored.

Show
If authentication information was stored for SOAPProxy, clients without authentication information could not invoke the service, even when the clientCredentialsRequired property was set to false. Authentication is no longer required when this property is false, even if authentication information is stored.
Release Notes Docs Status:
Documented as Resolved Issue

If there are static authentication information stored for SOAPProxy like
auth-username=kermit
auth-password=thefrog

and the SOAPProxy service contains configuration option
<property name="clientCredentialsRequired" value="false" />

Then the client should be able to invoke the service without authentication but now
HTTP/1.1 401 Unauthorized[\r][\n]

is received.

This scenario worked for 5.0.2

is blocked by

JBESB-3519 ESB war file generation can create authentication configuration which prevents access