<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
web-service authentication problem
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/christy">Christy Christy</a> in <i>JBoss Web Services</i> - <a href="http://community.jboss.org/message/548931#548931">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Hi to everyone!</p><p>I want to secure the endpoint but do not want to secure thr wsdl file. I tried to do it two ways but I can not do it.</p><p>The first way: I tried to use annotations. This is my simple POJO web-service:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><blockquote class="jive-quote"><p>@WebContext(contextRoot="/testFormats", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)<br/>@SecurityDomain("JBossWS")<br/>@RolesAllowed("friend")<br/>@WebService(<br/>        portName = "TestFormatsPort",<br/>        serviceName = "TestFormatsService",<br/><span>        targetNamespace = "</span><a class="jive-link-external-small" href="http://testservices/" target="_blank">http://testservices/</a><span>"       </span><br/>)<br/>public class TestFormatsService {<br/>    @WebMethod<br/>    public int getNumber(Double d) {<br/>     /////<br/>    }</p></blockquote><p>In this case wsdl is not secure, but the endpoint is not secure too. I can easy get access to web-service through client stubs.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>the second way: I did not used any annotations, I configured web.xml:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><blockquote class="jive-quote"><p><span><web-app version='2.4' xmlns='</span><a class="jive-link-external-small" href="http://java.sun.com/xml/ns/j2ee" target="_blank">http://java.sun.com/xml/ns/j2ee</a><span>' xmlns:xsi='</span><a class="jive-link-external-small" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a><span>' xsi:schemaLocation='</span><a class="jive-link-external-small" href="http://java.sun.com/xml/ns/j2ee" target="_blank">http://java.sun.com/xml/ns/j2ee</a><span> </span><a class="jive-link-external-small" href="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" target="_blank">http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd</a><span>'></span><br/> <servlet><br/>  <servlet-name>TestFormatsService</servlet-name><br/>  <servlet-class>testservices.TestFormatsService</servlet-class>  <br/> </servlet><br/> <servlet-mapping><br/>  <servlet-name>TestFormatsService</servlet-name><br/>  <url-pattern>/*</url-pattern><br/> </servlet-mapping><br/> <br/> <security-constraint><br/>  <web-resource-collection><br/>   <web-resource-name>All resources</web-resource-name><br/>   <url-pattern>/*</url-pattern><br/>  </web-resource-collection><br/>  <auth-constraint><br/>   <role-name>friend</role-name><br/>  </auth-constraint><br/> </security-constraint> <br/> <login-config><br/>  <auth-method>BASIC</auth-method><br/> </login-config><br/> <security-role><br/>  <role-name>friend</role-name><br/> </security-role><br/></web-app></p></blockquote><p>And I configured <em>jboss-web.xlm:</em></p><p><em><br/></em><blockquote class="jive-quote"><div>
<pre><?xml version="1.0" encoding="UTF-8"?><br/><jboss-web><br/>  <security-domain>java:/jaas/foobar</security-domain><br/></jboss-web></pre>
</div>
</blockquote></p><p>In this case I have secured wsdl.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Please help me to do the secure endpoint but not secure wsdl.</p><p>thanks in advance</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Reply to this message by <a href="http://community.jboss.org/message/548931#548931">going to Community</a></p>
<p style="margin: 0;">Start a new discussion in JBoss Web Services at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>