Hello there!
We have a fully operational client/server application that uses JBossWS at server side and Axis2C at client side to provide Web Service communication.
We are just using "username autentication" and "timestamp validation" WS-Security features as shown below on "jboss-wsse-server.xml" file:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<requires/>
<timestamp ttl="60" />
<authenticate>
<usernameAuth />
</authenticate>
<authorize>
<role>AllowedRole01</role>
<role>AllowedRole02</role>
</authorize>
</config>
<timestamp-verification createdTolerance="30" warnCreated="true" expiresTolerance="10" warnExpires="true" />
</jboss-ws-security>
Now we need to use SSL for all Web Services provided by our application.
Following Alessio Soldano's article at http://community.jboss.org/wiki/JBossWS-SecureTransport#Client_side, we were able to make SSL work changing file "web.xml" accordingly to alternative 2.
The problem is that we want to use the first approach with "@WebContext" annotation.
I've reverted "web.xml" configurations and changed current annotation from just:
@WebService( name = "user" )
@EndpointConfig( configName = "Standard WSSecurity Endpoint" )
@SecurityDomain( "CrossServerWS" )
public class UserWSImpl extends AbstractBaseWS implements IUserWS {
To:
@WebService( name = "user" )
@EndpointConfig( configName = "Standard WSSecurity Endpoint" )
@SecurityDomain( "SECURITY_DOMAIN" )
@WebContext
(
contextRoot = "/CONTEXT_ROOT",
urlPattern = "/user",
transportGuarantee = "CONFIDENTIAL",
secureWSDLAccess = false
)
public class UserWSImpl extends AbstractBaseWS implements IUserWS {
But it didn't work.
Am I missing something ?
Please let me know if you guys need any more information to figure out the problem.
Thank's a lot and best regards,
Mauro.