Hello.
I've followed the authentication guide (http://community.jboss.org/wiki/JBossWS-Authentication) and have (mostly) successfully implemented basic security on a POJO web service.
The problem I'm having, though, is that my client requires two sets of authentication settings: once for the HTTP basic authentication, and again in the request context (same user and password). Is there a way I can set it so that the user only needs to authenticate at the request context level?
My files are as follows...
Service
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>securityWs_PoC</display-name>
  <servlet>
    <servlet-name>secureWs</servlet-name>
    <servlet-class>com.securityWs.SecureWs</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>secureWs</servlet-name>
    <url-pattern>/secureWs</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <!-- web-resource-name and url-pattern are not shown in the post -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>friend</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>friend</role-name>
  </security-role>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBossWS</realm-name>
  </login-config>
</web-app>
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/JBossWS</security-domain>
</jboss-web>
SecureWs.java
package com.securityWs;
import javax.jws.WebService;
@WebService
public class SecureWs {
public String echo(String word){ return word+" "+word; }
}
Client
TestSecureClient.java
package com.secureClient;
import static org.junit.Assert.assertEquals;
Thanks.