Should the <globals> configuration be placed in every jboss-esb.xml when applying SOA 5.3.1 Roll-up patch #1 ?
Issue
- I am trying to apply the security patch BZ-915386, in which the last part of the
README.txt
mentioned to changejboss-esb.xml
file:
Additional notes:
This patch introduces changes to CXF that cause target web services invoked by
SOAPClient, that are deployed on SOA-P, to be more restrictive.
The target web services used to behave in a more lenient way towards requests
that had a SOAPAction header and no named action. This previously lenient
behavior is now more restrictive-- a proper name will be required. This can
be seen in the webservice_consumer1 and webservice_consumer2 quickstarts when
used with CXF. Customers adversely affected by this change are advised to
please open a support ticket, Red Hat will assist. We regret any
inconvenience our more strict adherence to spec may cause.
In order to enable WS-Security with this patch applied, you must use the
global
<war-security> configuration element at the beginning of the jboss-esb.xml
file.
For example:
<jbossesb ...>
<globals>
<war-security domain="JBossWS" />
</globals>
...
</jbossesb>
- Should the
<globals>
tag be placed in everyjboss-esb.xml
file or only the web service related esb's? For instance, should thejbossesb.esb
,slsb.esb
,smooks.esb
,soap.esb
be updated with the<globals>
tag?
Environment
- JBoss Enterprise SOA Platform (SOA-P)
- 5.3.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.