[jbossws-issues] [JBoss JIRA] (JBWS-3492) EJB WS authentication not working when using "strict" allRolesMode in server.xml Realm

[Adam Kovari (JIRA)]

     [ https://issues.jboss.org/browse/JBWS-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam Kovari updated JBWS-3492:
------------------------------

    Attachment: web-service-test-app.ear2

    
> EJB WS authentication not working when using "strict" allRolesMode in server.xml Realm
> --------------------------------------------------------------------------------------
>
>                 Key: JBWS-3492
>                 URL: https://issues.jboss.org/browse/JBWS-3492
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: ws-security
>         Environment: JBoss Enterprise Application Platform 5.1.2, both WS-native and WS-CXF affected
>            Reporter: Adam Kovari
>              Labels: jboss
>         Attachments: web-service-test-app.ear2
>
>
> The customer needs to use "strict" mode on Realm in server.xml. By documentation it requires web.xml, however when using EJB Web Services there is no web.xml. Where does it pick authorization configuration from? ejb-jar.xml clearly not but I'm trying to figure out whether it's bug or feature. Please note that using annotations like @RolesRequired and @SecurityDomain is not considered here.
> I'm attaching example project web-service-test-app2.ear and jboss_config.zip.
> I have also example project when using POJO WS with web.xml. Then authorization works fine even with "strict" mode. Please request if interested.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira