[jboss-user] [JBoss Web Services] - web-service authentication problem

Christy Christy do-not-reply at jboss.com
Mon Jun 21 04:46:01 EDT 2010 

Christy Christy [http://community.jboss.org/people/christy] created the discussion

"web-service authentication problem"

To view the discussion, visit: http://community.jboss.org/message/548931#548931

--------------------------------------------------------------
Hi to everyone!
I want to secure the endpoint but do not want to secure thr wsdl file. I tried to do it two ways but I can not do it.
The first way: I tried to use annotations. This is my simple POJO web-service:

> @WebContext(contextRoot="/testFormats", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
> @SecurityDomain("JBossWS")
> @RolesAllowed("friend")
> @WebService(
>         portName = "TestFormatsPort",
>         serviceName = "TestFormatsService",
>         targetNamespace = " http://testservices/ http://testservices/"       
> )
> public class TestFormatsService {
>     @WebMethod
>     public int getNumber(Double d) {
>      /////
>     }
In this case wsdl is not secure, but the endpoint is not secure too. I can easy get access to web-service through client stubs.

the second way: I did not used any annotations, I configured web.xml:

> <web-app version='2.4' xmlns=' http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee' xmlns:xsi=' http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation=' http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee  http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd'>
>  <servlet>
>   <servlet-name>TestFormatsService</servlet-name>
>   <servlet-class>testservices.TestFormatsService</servlet-class>  
>  </servlet>
>  <servlet-mapping>
>   <servlet-name>TestFormatsService</servlet-name>
>   <url-pattern>/*</url-pattern>
>  </servlet-mapping>
>  
>  <security-constraint>
>   <web-resource-collection>
>    <web-resource-name>All resources</web-resource-name>
>    <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>    <role-name>friend</role-name>
>   </auth-constraint>
>  </security-constraint> 
>  <login-config>
>   <auth-method>BASIC</auth-method>
>  </login-config>
>  <security-role>
>   <role-name>friend</role-name>
>  </security-role>
> </web-app>
And I configured +jboss-web.xlm:+
+
+> 
> <?xml version="1.0" encoding="UTF-8"?>
> <jboss-web>
>   <security-domain>java:/jaas/foobar</security-domain>
> </jboss-web>
> 
In this case I have secured wsdl.

Please help me to do the secure endpoint but not secure wsdl.
thanks in advance

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/548931#548931]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100621/dd531a7e/attachment.html

More information about the jboss-user mailing list