5:37 a.m.
Hello,
I'm trying to secure a web service with basic http authentication, but I want to keep
all JBoss-specific configuration out of my code. Therefore, I need some pointers as to how
to express the @WebContext annotation (used to specify BASIC http authentication) in the
jboss.xml deployment descriptor.
In more detail:
I have my service implemented as a stateless session bean. I have found the following code
works perfectly to require authorization, but uses JBoss-specific annotations (marked in
bold font):
@Stateless
|
@WebService@SecurityDomain("JBossWS")@RolesAllowed("someRole")@WebContext(authMethod
= "BASIC", transportGuarantee = "NONE", secureWSDLAccess =
false)public class MyWSBean {
| //...
| }
|
I therefore remove the @SecurityDomain and @WebContext annotations and added a jboss.xml
deployment descriptor as follows:
<?xml version="1.0" encoding="UTF-8"?>
|
<jboss> <security-domain>java:/jaas/JBossWS</security-domain> <enterprise-beans>
| <session>
| <ejb-name>MyWSBean</ejb-name>
| <port-component>
|
<port-component-name>MyWSBean</port-component-name> <auth-method>BASIC</auth-method> </port-component>
| </session>
| </enterprise-beans>
| </jboss>
However, the configuration is not picked up for some reason. All attempts to access the
web service fail due to an authorization failure. I can tell that the jboss.xml file is
pared because if I mistype something (e.g. use
<ejb-name>MyWSBeanWILLNOTMATCH</ejb-name>, or
<security-domain>ThisDoesNotExist</security-domain>) then JBoss complains
during deployment that the bean / realm does not exist.
Specifically, I verified that my jboss.xml works for replacing the @SecurityDomain
annotation by leaving @WebContext in the code and specifying the domain with the
<security-domain> tag in jboss.xml: this works.
Can anybody help me out with the proper deployment descriptor content for replacing the
@WebContext?
P.S. No other deployment descriptors exists (no webservices.xml and the ejb-jar.xml is
empty).
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4168135#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...
6:04 a.m.
Am Freitag, 1. August 2008 schrieb karypid:
Hello,
I'm trying to secure a web service with basic http authentication,
but I want to keep all JBoss-specific configuration out of my code.
Therefore, I need some pointers as to how to express the @WebContext
annotation (used to specify BASIC http authentication) in the
jboss.xml deployment descriptor.
In more detail:
I have my service implemented as a stateless session bean. I have
found the following code works perfectly to require authorization,
but uses JBoss-specific annotations (marked in bold font):
@Stateless
|
@WebService@SecurityDomain("JBossWS")@RolesAllowed("someRole")@We
|bContext(authMethod = "BASIC", transportGuarantee = "NONE",
| secureWSDLAccess = false)public class MyWSBean { //...
| }
I therefore remove the @SecurityDomain and @WebContext annotations
and added a jboss.xml deployment descriptor as follows:
<?xml version="1.0" encoding="UTF-8"?>
|
<jboss> <security-domain>java:/jaas/JBossWS</security-domain> <en
|terprise-beans> <session>
| <ejb-name>MyWSBean</ejb-name>
| <port-component>
| <port-component-name>MyWSBean</port-component-name> <auth-
|method>BASIC</auth-method> </port-component> </session>
| </enterprise-beans>
| </jboss>
i have exactly the same problem. Only the port-component seems to be
ignored, cause changing the jndi-name inside <session> for a bean works
fine.
--
Markus Schulz
5995
days inactive
5995
days old
1 comments
2 participants
participants (2)
-
karypid -
Markus Schulz