[jboss-user] [JBoss Web Services] - Web Service authentication
Fabrizio Boco
do-not-reply at jboss.com
Fri Apr 23 10:18:29 EDT 2010
Fabrizio Boco [http://community.jboss.org/people/fboco] created the discussion
"Web Service authentication"
To view the discussion, visit: http://community.jboss.org/message/539248#539248
--------------------------------------------------------------
Hi guys,
I have a seam application that exposes a WebService:
@Stateless
@RemoteBinding(jndiBinding = "Test")
@WebService()
@SOAPBinding(style = Style.RPC)
@Remote(TestWsRemoteInterface.class)
public class TestWs implements TestWsRemoteInterface
{
@PersistenceContext()
private EntityManager entityManager;
@WebMethod
public int method1(bla bla)
{
....
}
....
}
Now I need to secure the methods, that is only authorized users should call them. Userid and password would be sufficient and I don't need any encryption.
Following this document:
http://community.jboss.org/wiki/JBossWS-Authentication http://community.jboss.org/wiki/JBossWS-Authentication
I changed my Web Service as follows:
@Stateless
@RemoteBinding(jndiBinding = "Test")
@WebService()
@SOAPBinding(style = Style.RPC)
@Remote(TestWsRemoteInterface.class)
@SecurityDomain("JBossWS")
@RolesAllowed("friend")
public class TestWs implements TestWsRemoteInterface
{
...
}
Authentication doesn't work, since I am still able to call the web service's methods without any restriction. Likely I am using the wrong configuration.
Can anyone provide me a configuration document / example ?
My environment is jboss 5.1.0, seam 2.2.0.GA.
Thank you in advance
Fab
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/539248#539248]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100423/be4a7d1e/attachment.html
More information about the jboss-user
mailing list