[jboss-user] [JBossWS] - JSR 181 EJB + WS Endpoint Authentication Problem

sappenin do-not-reply at jboss.com
Tue Aug 1 21:36:11 EDT 2006 

I'm encountering a strange authentication/authorization issue.  I'm running JBAS 4.0.4GA_Patch1 and JBossWS1.0.2GA.

I have a JSR181 EJB endpoint exposed as a web-service.

My Port annotation looks thus: 
@PortComponent(
	transportGuarantee="NONE",
	contextRoot = "/sample",
	urlPattern="/InternalApi",
    authMethod="BASIC"
)

I can access the Web-Service via a JSR109 client that is deployed on a separate jBoss machine (i.e., the client is a packaged jar file with application-client.xml, jaxrpc-mapping.xml, and jboss-client.xml, service-wsdl.xml.  I access the client via JNDI lookup).  

However, I can only access the web-service using my J2EE client as long as I package my wsdl file with the client jar.  

I would like to be able to use the "wsdl-override" element of the jboss-client, so that the client simply downloads the wsdl from the remote server instead of referencing a file in my client deployment directory.

This is where things get sticky.
Option 1.) If, in my PortComponent, I have authMethod="BASIC", AND I use the jboss-client.xml "wsdl-override", then I get a 401 error saying that I am not authorized to view the wsdl (this despite specifiying a username/password in the WS Stub call).  However, if I include my wsdl file in the client deployment, and don't try the "wsdl-override" trick, then everything works.

Option 2.) If, in my PortComponent, I have authMethod="NONE", then I get a 403 error, regardless of whether I use the "wsdl-override" or not. 

Option 3.) If I omit the "authMethod" attribute entirely, and try to use the "wsdl-override" trick, then I can view the remote WSDL (for instance, via the web browser), but I get an javax.ejb.EJBAccessExcepion: authorization failure on my WebServices server (as one would expect, since my EJB's require a protected role), and a SOAP fault on the WS client.

In the end, it seems like my Stub Username/Password information is ignored whenever I try to use the "wsdl-override".  

Is what I'm trying to do possible?  I have seen hints in other forum posts (some people have decided to put the WSDL in a different, non-secure URL).  However, in my case, I DO want the WSDL to be secured, along with the endpoint.  

Any thoughts?





View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962334#3962334

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3962334

More information about the jboss-user mailing list