[jboss-user] [JBossWS] - WS Security - Identity propagation between web services.

ravikb_jboss do-not-reply at jboss.com
Tue Apr 14 01:21:55 EDT 2009 

Hi,

I have  two WebServices with EJB Endpoints. (EJBWS1 and WJBWS2). Both are secure web services and the methods in those web services has restricted access by specifying the roles using &RolesAllowed annotation.

For example:

@RolesAllowed("Role1")
public String method1(){}

EJBWS1 is configured to receive the user credentials using WS-Security - User name token (using @EndpointConfig) and EJB2WS is configured to receive credentials using Basic authentication.

Both EJB's are in the same security Domain and also in the same JAR file.

I wrote a client to pass WS-Security credentials to EJBWS1 and it works. In EJBWS1, I called a method in EJBWS2 using EJB way (got a EJB object reference and invoke operation). Identity get propagated and the method call in EJBWS2 gets invoked.

But when i invoke the same using webservice way, i.e in EJBWS1 method, i get a webserviceref (static proxy) for EJJBWS2, get port and invoke operation, i am getting unauthorized error. Identity is not getting propagated from Webservice1 to web service 2

does identity propagation concept not exist in webservice invocations? or am i making any mistake here?

Appreciate your help.

I have included the code in the note:
Thanks in advance
Ravi.


NOTE:
My code for invoking webservice is as follows:
1) Invoking EJBWS 2:

       @WebServiceRef
   static TestBean1WSClient service3;
public void insert(Agent object) {
....

 TestBean1Local tblocal = service3.getEndpointPort();
  tblocal.insert(object);
}
2) 

Created a WebService client using @WebServiceClient annotation:
@WebServiceClient(name = "TestBean1Service", targetNamespace = "http://service.ri.com/", wsdlLocation = "META-INF/wsdl/TestBean1Bean.wsdl")
public class TestBean1WSClient extends Service
{

    private final static URL WSDL_LOCATION;
    private final static QName TESTENDPOINTSERVICE = new QName("http://service.ri.com/", "TestBean1Service");
    private final static QName TESTENDPOINTPORT = new QName("http://service.ri.com/", "TestBean1BeanPort");

    static {
        System.out.println("TestBean1WSClient static block");
        URL url = null;
        try {
                  URL baseUrl = com.hex.ffm.ri.service.TestBean1Local.class.getResource(".");
                  System.out.println(" baseURL "+baseUrl);
            url = new URL("http://127.0.0.1:7000/Practice/TestBean1Bean?wsdl");
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
        WSDL_LOCATION = url;
    }

   public TestBean1WSClient(URL wsdlLocation, QName serviceName) {
      
        super(wsdlLocation, serviceName);
    
    }

    public TestBean1WSClient() {
        super(WSDL_LOCATION, TESTENDPOINTSERVICE);

    }

    
    @WebEndpoint(name = "TestBean1BeanPort")
    public TestBean1Local getEndpointPort() {
        return (TestBean1Local)super.getPort(TESTENDPOINTPORT, TestBean1Local.class);
    }

}



View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225232#4225232

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225232

More information about the jboss-user mailing list