]
Jim Ma updated JBWS-2680:
-------------------------
Issue Type: Task (was: Feature Request)
Affects Version/s: jbossws-cxf-5.0.0.Beta1
Authentication realm name hard-coded as
"EJBServiceEndpointServlet Realm"
-------------------------------------------------------------------------
Key: JBWS-2680
URL:
https://issues.jboss.org/browse/JBWS-2680
Project: JBoss Web Services
Issue Type: Task
Components: jbossws-cxf
Affects Versions: jbossws-native-3.0.5, jbossws-cxf-5.0.0.Beta1
Environment: JBossAS 4.2.3 with JBossWS 3.0.5
Reporter: Gerald Turner
Assignee: Jim Ma
Priority: Optional
Fix For: jbossws-cxf-5.0
An EJB3 endpoint defined with annotation @WebContext(authMethod="BASIC")
results in JBossWS generating web.xml metadata equivalent to:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>EJBServiceEndpointServlet Realm</realm-name>
</login-config>
On one hand this is perfectly acceptable as the realm-name is just a vanity configuration
parameter. However there are scenarios where it would be desirable to allow the
application to override the default value: we migrated from another web services stack to
JBossWS (was JAXWS-RI), some clients of our web services had explicitly configured their
HTTP authentication on their end to match on realm name (one instance was Perl
SOAP::Lite), quite the same way a web browser stores HTTP authentication along with the
realm name such if the realm name changes, the authentication is invalidated - but since
these are machines talking to each other rather than a web browser, it becomes a nightmare
to debug why a client began receiving 401 errors after our upgrade.
It would be nice if the org.jboss.wsf.spi.annotation.WebContext annotation had a
realmName parameter.
I attempted to work on a patch, however I'm confused by how many copies of
WebAppGeneratorDeploymentAspect.java there seem to be under the jbossws/container and
jbossws/framework subversion trees.