[jboss-user] [JBoss Web Services] - web-service authentication problem
Christy Christy
do-not-reply at jboss.com
Mon Jun 21 04:46:01 EDT 2010
Christy Christy [http://community.jboss.org/people/christy] created the discussion
"web-service authentication problem"
To view the discussion, visit: http://community.jboss.org/message/548931#548931
--------------------------------------------------------------
Hi to everyone!
I want to secure the endpoint but do not want to secure thr wsdl file. I tried to do it two ways but I can not do it.
The first way: I tried to use annotations. This is my simple POJO web-service:
> @WebContext(contextRoot="/testFormats", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
> @SecurityDomain("JBossWS")
> @RolesAllowed("friend")
> @WebService(
> portName = "TestFormatsPort",
> serviceName = "TestFormatsService",
> targetNamespace = " http://testservices/ http://testservices/"
> )
> public class TestFormatsService {
> @WebMethod
> public int getNumber(Double d) {
> /////
> }
In this case wsdl is not secure, but the endpoint is not secure too. I can easy get access to web-service through client stubs.
the second way: I did not used any annotations, I configured web.xml:
> <web-app version='2.4' xmlns=' http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee' xmlns:xsi=' http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation=' http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd'>
> <servlet>
> <servlet-name>TestFormatsService</servlet-name>
> <servlet-class>testservices.TestFormatsService</servlet-class>
> </servlet>
> <servlet-mapping>
> <servlet-name>TestFormatsService</servlet-name>
> <url-pattern>/*</url-pattern>
> </servlet-mapping>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>All resources</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>friend</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> </login-config>
> <security-role>
> <role-name>friend</role-name>
> </security-role>
> </web-app>
And I configured +jboss-web.xlm:+
+
+>
> <?xml version="1.0" encoding="UTF-8"?>
> <jboss-web>
> <security-domain>java:/jaas/foobar</security-domain>
> </jboss-web>
>
In this case I have secured wsdl.
Please help me to do the secure endpoint but not secure wsdl.
thanks in advance
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/548931#548931]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100621/dd531a7e/attachment.html
More information about the jboss-user
mailing list