[jboss-user] [JBossWS] - User authorization in Web Service

ike do-not-reply at jboss.com
Fri Jul 27 03:48:54 EDT 2007


How to setup user authentication in a web service? I have something like:

@Stateless
@WebService(endpointInterface="com.m1.sample.core.IRoleMgrWebService")
@SecurityDomain("mydomain")
public class RoleMgrEjbWeb implements IRoleMgrWebService {
...
@AllowedRoles("role")
public void doSomething() {...}
}

The client is like that:
URL url = new URL("http://127.0.0.1:8080/RoleMgrEjbWebService/RoleMgrEjbWeb?wsdl");
QName qname = new QName("http://core.sample.m1.com/", "RoleMgrEjbWebService");

ServiceFactory factory = ServiceFactory.newInstance();
Service service = factory.createService(url, qname);

IRoleMgrWebService ws = (IRoleMgrWebService) service.getPort(IRoleMgrWebService.class);
		
ws.doSomething();

What should I write to pass user's credentials? I tried something like:
URL url = Thread.currentThread().getContextClassLoader().getResource("auth.conf");
System.setProperty("java.security.auth.login.config", url.toString());
	    
javax.security.auth.login.LoginContext lh = new javax.security.auth.login.LoginContext("aloe",
    		new AloeLoginHandler("ike", "1"));
lh.login();

But that works only if I call EJB's not service.

Btw, is there any documentation about authentication and authorization in jboss web services?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4068118#4068118

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4068118



More information about the jboss-user mailing list