[jboss-user] [JBoss Seam] - Seam 2.x, Webservice Security

[estahn]

Hi,

how do i restrict access to webservice methods? I tried to add "@Restrict("#{identity.loggedIn}")" before "createTest", but if i test this with an soap client (e.g. soap ui) i getting no SOAP Exception or something else. It will return the the string "done".

Any ideas?

Enrico

package org.domain.webservices;
  | 
  | import javax.ejb.Stateless;
  | import javax.jws.WebMethod;
  | import javax.jws.WebParam;
  | import javax.jws.WebService;
  | 
  | import org.jboss.seam.annotations.security.Restrict;
  | import org.jboss.seam.security.Identity;
  | import org.jboss.wsf.spi.annotation.WebContext;
  | 
  | @Stateless
  | @WebContext(contextRoot="/TestWS")
  | @WebService(name = "TestService", serviceName = "TestService")
  | public class TenderNoticeCollectorService implements TenderNoticeCollectorServiceRemote
  | {
  | 	@WebMethod
  | 	public boolean login(@WebParam(name="username") String username, @WebParam(name="password") String password) {
  | 		Identity.instance().setUsername(username);
  | 		Identity.instance().setPassword(password);
  | 		Identity.instance().login();
  | 		return Identity.instance().isLoggedIn();
  | 	}
  | 
  | 	@WebMethod
  | 	public boolean logout() {
  | 		Identity.instance().logout();
  | 		return !Identity.instance().isLoggedIn();
  | 	}
  | 
  | 	@WebMethod
  | 	@Restrict("#{identity.loggedIn}")
  | 	public String createTest(@WebParam(name="title") String title)
  | 	{
  | 		return "done";
  | 	}
  | }

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4124333#4124333

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4124333