[jboss-user] [JBossWS] - WS Security - Identity propagation between web services.

ravikb_jboss do-not-reply at jboss.com
Tue Apr 14 01:21:55 EDT 2009


I have  two WebServices with EJB Endpoints. (EJBWS1 and WJBWS2). Both are secure web services and the methods in those web services has restricted access by specifying the roles using &RolesAllowed annotation.

For example:

public String method1(){}

EJBWS1 is configured to receive the user credentials using WS-Security - User name token (using @EndpointConfig) and EJB2WS is configured to receive credentials using Basic authentication.

Both EJB's are in the same security Domain and also in the same JAR file.

I wrote a client to pass WS-Security credentials to EJBWS1 and it works. In EJBWS1, I called a method in EJBWS2 using EJB way (got a EJB object reference and invoke operation). Identity get propagated and the method call in EJBWS2 gets invoked.

But when i invoke the same using webservice way, i.e in EJBWS1 method, i get a webserviceref (static proxy) for EJJBWS2, get port and invoke operation, i am getting unauthorized error. Identity is not getting propagated from Webservice1 to web service 2

does identity propagation concept not exist in webservice invocations? or am i making any mistake here?

Appreciate your help.

I have included the code in the note:
Thanks in advance

My code for invoking webservice is as follows:
1) Invoking EJBWS 2:

   static TestBean1WSClient service3;
public void insert(Agent object) {

 TestBean1Local tblocal = service3.getEndpointPort();

Created a WebService client using @WebServiceClient annotation:
@WebServiceClient(name = "TestBean1Service", targetNamespace = "http://service.ri.com/", wsdlLocation = "META-INF/wsdl/TestBean1Bean.wsdl")
public class TestBean1WSClient extends Service

    private final static URL WSDL_LOCATION;
    private final static QName TESTENDPOINTSERVICE = new QName("http://service.ri.com/", "TestBean1Service");
    private final static QName TESTENDPOINTPORT = new QName("http://service.ri.com/", "TestBean1BeanPort");

    static {
        System.out.println("TestBean1WSClient static block");
        URL url = null;
        try {
                  URL baseUrl = com.hex.ffm.ri.service.TestBean1Local.class.getResource(".");
                  System.out.println(" baseURL "+baseUrl);
            url = new URL("");
        } catch (MalformedURLException e) {
        WSDL_LOCATION = url;

   public TestBean1WSClient(URL wsdlLocation, QName serviceName) {
        super(wsdlLocation, serviceName);

    public TestBean1WSClient() {


    @WebEndpoint(name = "TestBean1BeanPort")
    public TestBean1Local getEndpointPort() {
        return (TestBean1Local)super.getPort(TESTENDPOINTPORT, TestBean1Local.class);


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225232#4225232

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225232

More information about the jboss-user mailing list