[jboss-user] [JBossWS] - Trying to use jboss.xml instead of @WebContext

karypid do-not-reply at jboss.com
Fri Aug 1 06:37:08 EDT 2008 

Hello,

I'm trying to secure a web service with basic http authentication, but I want to keep all JBoss-specific configuration out of my code. Therefore, I need some pointers as to how to express the @WebContext annotation (used to specify BASIC http authentication) in the jboss.xml deployment descriptor.

In more detail:

I have my service implemented as a stateless session bean. I have found the following code works perfectly to require authorization, but uses JBoss-specific annotations (marked in bold font):

@Stateless
  | @WebService at SecurityDomain("JBossWS")@RolesAllowed("someRole")@WebContext(authMethod = "BASIC", transportGuarantee = "NONE", secureWSDLAccess = false)public class MyWSBean {
  | //...
  | }
  | 
I therefore remove the @SecurityDomain and @WebContext annotations and added a jboss.xml deployment descriptor as follows:

<?xml version="1.0" encoding="UTF-8"?>
  | <jboss>	<security-domain>java:/jaas/JBossWS</security-domain>	<enterprise-beans>
  | 		<session>
  | 			<ejb-name>MyWSBean</ejb-name>
  | 			<port-component>
  | 				<port-component-name>MyWSBean</port-component-name>				<auth-method>BASIC</auth-method>			</port-component>
  | 		</session>
  | 	</enterprise-beans>
  | </jboss>
However, the configuration is not picked up for some reason. All attempts to access the web service fail due to an authorization failure. I can tell that the jboss.xml file is pared because if I mistype something (e.g. use <ejb-name>MyWSBeanWILLNOTMATCH</ejb-name>, or <security-domain>ThisDoesNotExist</security-domain>) then JBoss complains during deployment that the bean / realm does not exist.

Specifically, I verified that my jboss.xml works for replacing the @SecurityDomain annotation by leaving @WebContext in the code and specifying the domain with the <security-domain> tag in jboss.xml: this works.

Can anybody help me out with the proper deployment descriptor content for replacing the @WebContext?

P.S. No other deployment descriptors exists (no webservices.xml and the ejb-jar.xml is empty).


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4168135#4168135

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4168135

More information about the jboss-user mailing list