[
https://issues.jboss.org/browse/JBWS-3700?page=com.atlassian.jira.plugin....
]
Jim Ma edited comment on JBWS-3700 at 9/10/13 2:37 AM:
-------------------------------------------------------
can you please try to configure the security constraint to servlet like the follow example
to see if it works ?
{code}
<servlet>
<servlet-name>HelloImpl</servlet-name>
<servlet-class>org.jboss.test.ws.jaxws.jbws2307.HelloImpl</servlet-class>
<load-on-startup>0</load-on-startup>
<security-role-ref>
<role-name>FRN</role-name>
<role-link>friend</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>HelloImpl</servlet-name>
<url-pattern>/jaxws/Hello</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>54</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>WSHelloSecureService</web-resource-name>
<url-pattern>/jaxws/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>friend</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>friend</role-name>
</security-role>
{code}
was (Author: jim.ma):
can you please configure the security constraint to servlet like the follow example to
see if it works ?
{code}
<servlet>
<servlet-name>HelloImpl</servlet-name>
<servlet-class>org.jboss.test.ws.jaxws.jbws2307.HelloImpl</servlet-class>
<load-on-startup>0</load-on-startup>
<security-role-ref>
<role-name>FRN</role-name>
<role-link>friend</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>HelloImpl</servlet-name>
<url-pattern>/jaxws/Hello</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>54</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>WSHelloSecureService</web-resource-name>
<url-pattern>/jaxws/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>friend</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>friend</role-name>
</security-role>
{code}
Unable to Check Roles in One-Way Operations
-------------------------------------------
Key: JBWS-3700
URL:
https://issues.jboss.org/browse/JBWS-3700
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-cxf
Affects Versions: jbossws-cxf-4.1.3
Environment: All supported environments.
Reporter: Fernando Ribeiro
Assignee: Jim Ma
Fix For: jbossws-cxf-4.3
Attachments: jaxwssample-1.0.war
In any calls to one-way operations, the isUserInRole doesn't work as expected.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira