OK, I keep learning more stuff but it's not getting me where I want to be but I feel I'm getting close.
Here
http://download.oracle.com/docs/cd/E19879-01/819-3669/bnbyw/index.html
I find that the javax.annotation.security annotations can be placed on methods as well as classes. Great, that is what I was missing. Everything compiles, deploys without a hitch. Alas, it doesn't work:
package org.javactivity.ws.ejb;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.jws.HandlerChain;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.wsf.spi.annotation.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Stateless
@WebContext(
contextRoot="attrsws-ejb",
urlPattern="/*",
authMethod = "BASIC",
secureWSDLAccess = false)
@SecurityDomain(value = "JBossWS")
@WebService(targetNamespace = "http://org.javactivity/MyService/",
portName="MyServiceSOAP",
serviceName="MyService",
endpointInterface="org.javactivity.ws.ejb.MyServicePort")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT, parameterStyle = SOAPBinding.ParameterStyle.BARE)
@HandlerChain(file = "handlers.xml")
public class MyServicePortImpl implements MyServicePort {
private static final Logger log = LoggerFactory.getLogger(MyServicePortImpl.class);
private static int nextSession = 0;
@Override
@PermitAll
public int foo(UserTypeType usertype, String username, String key) {
nextSession++;
log.debug("foo returning a value of {}", nextSession);
return nextSession;
}
@Override
@RolesAllowed("friend")
public int login(UserIdentity identity) {
nextSession++;
log.debug("Login returning a value of {}", nextSession);
return nextSession;
}
}
If I supply a bad password, neither method allows access. If I supply a good password, both methods allow access. The annotations are not being recognized.
What ELSE must I do to get these method permissions recognized by JBoss?