[jbossws-issues] [JBoss JIRA] (JBWS-3485) JBoss AS 7 requires authentication for unsecured @WebMethod

Richard Opalka (JIRA) jira-events at lists.jboss.org
Mon Apr 16 02:41:17 EDT 2012 

    [ https://issues.jboss.org/browse/JBWS-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12684332#comment-12684332 ] 

Richard Opalka commented on JBWS-3485:
--------------------------------------

1) There's no way to see generated web.xml ATM
2) The 'EJBWebServiceEndpointServlet Realm' is automagically generated and yes,
   it's created & destroyed along with the application.
                
> JBoss AS 7 requires authentication for unsecured @WebMethod
> -----------------------------------------------------------
>
>                 Key: JBWS-3485
>                 URL: https://issues.jboss.org/browse/JBWS-3485
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>         Environment: Mac OS X, Apple JDK 1.6.31, JBoss AS 7.1.1.Final
>            Reporter: Abhijit Sarkar
>
> *** Not sure about component or affect versions, please excuse ***
> Have a simple EJB3 Endpoint with 3 methods, one unannotated, another annotated @PermitAll and the other one annotated @RolesAllowed. Using security domain "other" with 2 users, details shown below. JBoss returns 401 when the unannotated/unsecured method is invoked without proper authorization. It shouldn't care about authentication or authorization for the unannotated/unsecured method.
> Attached with the forum post is a project that demonstrates the problem. The post started of on an incorrect understanding but ends with the correct one so please read it fully before commenting.
> # application-users.properties #
> # is for illustration only and does not correspond to a usable password.
> #
> #admin=2a0923285184943425d1f53ddd58ec7a
> user=8544a03c79aee5b1c99458d83ee0f9e0
> guest=1bb6b7c18b5c1dab17f5141fa398905a
> # application-roles.properties #
> #
> #admin=PowerUser,BillingAdmin,
> #guest=guest
> user=AppUser
> guest=AppGuest

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list