[jboss-jira] [JBoss JIRA] (AS7-5732) JAX-WS call is returning Status 403 - Access to the requested resource has been denied

Alessio Soldano (JIRA) jira-events at lists.jboss.org
Fri Oct 19 06:27:01 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12727973#comment-12727973 ] 

Alessio Soldano commented on AS7-5732:
--------------------------------------

I've been having a look at the app provided at https://community.jboss.org/message/763547#763547 . It took some time because I found a bug in the same area (see AS7-5784 if interested). Let's ignore for now the use of a custom login module, I believe the problem in the app is a missing annotation at class level. You should add either a @PermitAll or a @DeclareRoles(...) annotation on the com.test.soap.HelloSoap class. That influences the application declared roles that are used in the webapp which is generated by the application server for your ws ejb3 endpoint(s).
The reason why this was not needed in former AS versions (4,5,6) is most likely related to the web layer now defaulting to strict role check mode.

Given the explanation above, I'm solving this jira. If you still have problems after having added the annotation in your app (perhaps related to the custom login module?), feel free to reopen. Thanks.
                
> JAX-WS call is returning Status 403 - Access to the requested resource has been denied
> --------------------------------------------------------------------------------------
>
>                 Key: AS7-5732
>                 URL: https://issues.jboss.org/browse/AS7-5732
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Web Services
>            Reporter: Fernando Rubbo
>            Assignee: Alessio Soldano
>              Labels: Authentication, JAX-WS
>
> Hi
>  
> I'm facing an issue whenever a WS call (which have a security context) is being made. The problem is:
> When user/pass are not provided by the client the server respond:
>     HTTP Status 401 -This request requires HTTP authentication () 
> When user/pass are provided the server respond:
>     HTTP Status 403 - Access to the requested resource has been denied 
> In Jboss 4.2 it works as expected.
>     On other words. It make the call and authenticate the user.
>  
> I've attached two files in the forum (https://community.jboss.org/message/763547#763547). An eclipse EJB project and the standalone.xml file.
>  
> Please, fix this issue. We need this to finish our migration from JBoss 4.2 to JBoss 7

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list