[jboss-user] [JBossWS] - WS basic auth only for post requests
waperboy
do-not-reply at jboss.com
Fri Oct 27 07:43:11 EDT 2006
I've created a web service, and added basic authentication according to the user-guide chapter 13 (http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html), but it results in basic auth being activated for both GET and POST. I want access to the wsdl to be public.
The web service is defined using webservices.xml, jboss.xml, and ejb-jar.xml, and is contained in a jar file.
I notice in the web.xml file generated by jboss on deploy, that both GET and POST is specified in the security-constraint.
Any ideas on how I can make access to the wsdl (GET requests) public, and only the ws-methods (POST requests) authenticated?
/Per
webservices.xml:
| <webservice-description>
| <webservice-description-name>MyService</webservice-description-name>
| <wsdl-file>META-INF/wsdl/MyService.wsdl</wsdl-file>
| <jaxrpc-mapping-file>META-INF/MyService-mapping.xml</jaxrpc-mapping-file>
| <port-component>
| <port-component-name>MyService</port-component-name>
| <wsdl-port>MyServicePort</wsdl-port>
| <service-endpoint-interface>com.test.ws.MyServiceEndpoint</service-endpoint-interface>
| <service-impl-bean>
| <ejb-link>MyServiceBean</ejb-link>
| <servlet-link></servlet-link>
| </service-impl-bean>
| </port-component>
| </webservice-description>
|
jboss.xml:
| <jboss>
| <security-domain>java:/jaas/my-security-domain</security-domain>
| <enterprise-beans>
| <session>
| <ejb-name>MyServiceBean</ejb-name>
| <port-component>
| <port-component-name>MyService</port-component-name>
| <port-component-uri>/ws/MyService</port-component-uri>
| <auth-method>BASIC</auth-method>
| </port-component>
| </session>
| </enterprise-beans>
| </jboss>
|
ejb-jar.xml:
| <enterprise-beans>
| <session>
| <ejb-name>MyServiceBean</ejb-name>
| <service-endpoint>com.test.ws.MyServiceEndpoint</service-endpoint>
| <ejb-class>com.test.ws.MyServiceSLSB</ejb-class>
| <session-type>Stateless</session-type>
| <transaction-type>Container</transaction-type>
| <security-role-ref>
| <role-name>@ROLE_EXPORT@</role-name>
| </security-role-ref>
| <security-role-ref>
| <role-name>@ROLE_IMPORT@</role-name>
| </security-role-ref>
| </session>
| </enterprise-beans>
|
| <assembly-descriptor>
| <security-role>
| <role-name>@ROLE_IMPORT@</role-name>
| </security-role>
| <security-role>
| <role-name>@ROLE_EXPORT@</role-name>
| </security-role>
| <method-permission>
| <role-name>@ROLE_IMPORT@</role-name>
| <method>
| <ejb-name>MyServiceBean</ejb-name>
| <method-name>submit</method-name>
| </method>
| </method-permission>
| <method-permission>
| <role-name>@ROLE_EXPORT@</role-name>
| <method>
| <ejb-name>MyServiceBean</ejb-name>
| <method-name>fetch</method-name>
| </method>
| </method-permission>
| </assembly-descriptor>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981275#3981275
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3981275
More information about the jboss-user
mailing list