[jbossws-issues] [JBoss JIRA] (JBWS-3492) EJB WS authentication not working when using "strict" allRolesMode in server.xml Realm

[Adam Kovari (JIRA)]

Adam Kovari created JBWS-3492:
---------------------------------

             Summary: EJB WS authentication not working when using "strict" allRolesMode in server.xml Realm
                 Key: JBWS-3492
                 URL: https://issues.jboss.org/browse/JBWS-3492
             Project: JBoss Web Services
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: ws-security
         Environment: JBoss Enterprise Application Platform 5.1.2, both WS-native and WS-CXF affected
            Reporter: Adam Kovari
         Attachments: web-service-test-app.ear2

The customer needs to use "strict" mode on Realm in server.xml. By documentation it requires web.xml, however when using EJB Web Services there is no web.xml. Where does it pick authorization configuration from? ejb-jar.xml clearly not but I'm trying to figure out whether it's bug or feature. Please note that using annotations like @RolesRequired and @SecurityDomain is not considered here.

I'm attaching example project web-service-test-app2.ear and jboss_config.zip.

I have also example project when using POJO WS with web.xml. Then authorization works fine even with "strict" mode. Please request if interested.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira