[jboss-user] [Beginners Corner] - Secure EJBs and Webservices

OrangeMetallicFrog do-not-reply at jboss.com
Wed Dec 17 11:44:40 EST 2008

Hi all,

I've got an EJB that I have managed to secure using LDAP.  I've got a standalone client that can connect, login and invoke methods on the EJB.  That's all good.

However, I also have a webservice.  The webservice takes three parameters with two of the parameters being the username and password to use (principal and credentials) to invoke the method on the EJB.

The webservice method sets java.naming.security.principal and java.naming.security.credentials in the call to InitialContext, but it always fails.

What am I missing that I need to do?

For the client to work, I had to create a jndi.properties file with the relevant settings in and an auth.conf file to specify the security domain to use.  But I don't know if I have to (or how to if I do) do that for the webservice.

Thanks for any help!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4197175#4197175

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4197175

More information about the jboss-user mailing list