Hello,
I'm trying to secure a web service with basic http authentication, but I want to keep
all JBoss-specific configuration out of my code. Therefore, I need some pointers as to how
to express the @WebContext annotation (used to specify BASIC http authentication) in the
jboss.xml deployment descriptor.
In more detail:
I have my service implemented as a stateless session bean. I have found the following code
works perfectly to require authorization, but uses JBoss-specific annotations (marked in
bold font):
@Stateless
|
@WebService@SecurityDomain("JBossWS")@RolesAllowed("someRole")@WebContext(authMethod
= "BASIC", transportGuarantee = "NONE", secureWSDLAccess =
false)public class MyWSBean {
| //...
| }
|
I therefore remove the @SecurityDomain and @WebContext annotations and added a jboss.xml
deployment descriptor as follows:
<?xml version="1.0" encoding="UTF-8"?>
|
<jboss> <security-domain>java:/jaas/JBossWS</security-domain> <enterprise-beans>
| <session>
| <ejb-name>MyWSBean</ejb-name>
| <port-component>
|
<port-component-name>MyWSBean</port-component-name> <auth-method>BASIC</auth-method> </port-component>
| </session>
| </enterprise-beans>
| </jboss>
However, the configuration is not picked up for some reason. All attempts to access the
web service fail due to an authorization failure. I can tell that the jboss.xml file is
pared because if I mistype something (e.g. use
<ejb-name>MyWSBeanWILLNOTMATCH</ejb-name>, or
<security-domain>ThisDoesNotExist</security-domain>) then JBoss complains
during deployment that the bean / realm does not exist.
Specifically, I verified that my jboss.xml works for replacing the @SecurityDomain
annotation by leaving @WebContext in the code and specifying the domain with the
<security-domain> tag in jboss.xml: this works.
Can anybody help me out with the proper deployment descriptor content for replacing the
@WebContext?
P.S. No other deployment descriptors exists (no webservices.xml and the ejb-jar.xml is
empty).
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4168135#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...