[jboss-user] [JBossWS] - Please help, cannot get @RolesAllowed to work.

mjremijan do-not-reply at jboss.com
Fri Sep 19 12:23:54 EDT 2008

I am trying to get @RolesAllowed to work but despite setting a user which does NOT have the role "JournalAccountLogin" the web service method is allowed to be called anyway.  See below for what I have configured. From the client I use a user which has the role "Journal JWS" so I can get past the <security-constraints> definition in the web.xml, however this user does NOT have the "JournalAccountLogin" role so when I try to call the login(...) method I was expecting the call to not work but it does.  Can anyone help with this?


  | 	@WebMethod
  | 	@RolesAllowed("JournalAccountLogin")
  | 	public Account login(...) { ... }

FILE web.xml

  |      <servlet-mapping>
  |     	<servlet-name>AccountJws</servlet-name>
  |     	<url-pattern>/bin/account.jws</url-pattern>
  |     </servlet-mapping>
  |     .
  |     .
  |     .
  |     <security-constraint>
  |     	<display-name>secure and confidential</display-name>
  |     	<web-resource-collection>
  |     		<web-resource-name>All</web-resource-name>
  |     		<url-pattern>/bin/*</url-pattern>
  |     	</web-resource-collection>
  |     	<auth-constraint>
  |     		<description>Only Journal JWS role has access</description>
  |     		<role-name>Journal JWS</role-name>
  |     	</auth-constraint>    	
  |     	<user-data-constraint>
  |     		<description>Only HTTPS</description>
  |     		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
  |     	</user-data-constraint>
  |     </security-constraint>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177719#4177719

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4177719

More information about the jboss-user mailing list