HTTP Authentication / Authorization does not work with SwitchYard RESTEasy binding in FSW 6.0.0
Issue
- We are exposing services using RESTEasy binding in SwitchYard applications. We are trying to secure those services.
- However, we were not able to get the credentials passed via the
"Authorization"
HTTP header. - After additional checking, we found that the
ServletRequestCredentialExtractor
is only referenced inSOAPBindingData
, inside theextractCredentials()
method defined by theSecurityBindingData
interface. - A quick look at the
RESTEasyBindingData
code showed that it implementsBindingData
only (and notSecurityBindingData
), hence credentials are not extracted from anywhere.
Environment
- Red Hat JBoss Fuse Service Works (FSW)
- 6.0.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.