Community

web-service authentication problem

created by Christy Christy in JBoss Web Services - View the full discussion

Hi to everyone!

I want to secure the endpoint but do not want to secure thr wsdl file. I tried to do it two ways but I can not do it.

The first way: I tried to use annotations. This is my simple POJO web-service:

 

@WebContext(contextRoot="/testFormats", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
@SecurityDomain("JBossWS")
@RolesAllowed("friend")
@WebService(
        portName = "TestFormatsPort",
        serviceName = "TestFormatsService",
        targetNamespace = "http://testservices/"      
)
public class TestFormatsService {
    @WebMethod
    public int getNumber(Double d) {
     /////
    }

In this case wsdl is not secure, but the endpoint is not secure too. I can easy get access to web-service through client stubs.

 

the second way: I did not used any annotations, I configured web.xml:

 

<web-app version='2.4' xmlns='http://java.sun.com/xml/ns/j2ee' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd'>
<servlet>
  <servlet-name>TestFormatsService</servlet-name>
  <servlet-class>testservices.TestFormatsService</servlet-class> 
</servlet>
<servlet-mapping>
  <servlet-name>TestFormatsService</servlet-name>
  <url-pattern>/*</url-pattern>
</servlet-mapping>

<security-constraint>
  <web-resource-collection>
   <web-resource-name>All resources</web-resource-name>
   <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
   <role-name>friend</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>friend</role-name>
</security-role>
</web-app>

And I configured jboss-web.xlm:


<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/foobar</security-domain>
</jboss-web>

In this case I have secured wsdl.

 

Please help me to do the secure endpoint but not secure wsdl.

thanks in advance

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community