[jboss-jira] [JBoss JIRA] (WFLY-3251) @WebContext overrides realm in web.xml
Alessio Soldano (JIRA)
issues at jboss.org
Mon Jul 21 09:43:31 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12986658#comment-12986658 ]
Alessio Soldano commented on WFLY-3251:
---------------------------------------
This is related to JBWS-2680.
Besides for that, we should investigate if it's correct to "blindly" override the real-name in the JBossWebMetaData [1] in this scenario (ejb3 endpoints in a war deployment with an explicit web.xml).
[1] org.jboss.as.webservices.tomcat.WebMetaDataCreator#createLoginConfig method
> @WebContext overrides realm in web.xml
> --------------------------------------
>
> Key: WFLY-3251
> URL: https://issues.jboss.org/browse/WFLY-3251
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web Services
> Affects Versions: 8.1.0.CR2
> Reporter: Juergen Zimmermann
> Assignee: Alessio Soldano
> Fix For: 9.0.0.Alpha1
>
>
> In WEB-INF/web.xml I'm having this declaration (to be used for REST and SOAP):
> {code}
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Shop</realm-name>
> </login-config>
> {code}
> Furthermore, I'm having a SOAP-based web service:
> {code}
> @WebService(name = "KundeSOAP",
> targetNamespace = "urn:shop:soap:kunde",
> serviceName = "KundeSOAPService")
> @SOAPBinding
> @WebContext(authMethod = "BASIC",
> transportGuarantee = "CONFIDENTIAL",
> secureWSDLAccess = true)
> @Stateless
> @Interceptors(ConstraintViolationInterceptor.class)
> @RolesAllowed({ "...", "..." })
> @SecurityDomain("...")
> public class KundeSOAP {...}
> {code}
> But when the client invokes the server, then the realm name is "EJBWebServiceEndpointServlet Realm".
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list