[jboss-user] [JBoss Web Services Users] - Cannot Access Secure EJB3 Web Service

skerstetter do-not-reply at jboss.com
Thu Sep 24 11:19:15 EDT 2009

I have a web service that worked fine in AS 4.2.1GA, but since porting to 5.1.0GA, I have been unable to access it if it is secure.  If I remove authMethod=BASIC setting of the WebContext, I can access the ejb, but it is not secure.

I am using the native stack, version 3.2.0GA.

Here is my interface definition (simplified):

  | @WebService
  | @SOAPBinding(style = SOAPBinding.Style.RPC)
  | public interface Inquiry { 
  |     String echo(@WebParam(name="echoText", mode=Mode.IN) String echoText);

Here is my EJB3 definition:

  | @WebService(endpointInterface="com.foo.Inquiry")
  | @WebContext(contextRoot="check-inquiry", /* SEK TODO: not working */ authMethod="BASIC" /**/, secureWSDLAccess=false) 
  | @Stateless
  | @SecurityDomain("my-security-domain")
  | @TransactionAttribute(TransactionAttributeType.SUPPORTS)  //we do not require a transaction. we do not perform any updates.
  | @Interceptors({PerformanceProfiler.class, ExceptionLogger.class})
  | public class InquiryImpl extends BasePersistentContextHolder implements Inquiry {
  |     @Override
  |     public String echo(final String echoText) {
  |         getLog().debug("echo=[" + echoText+ "]");
  |         return echoText;
  |     }

Here is my jax-rpc client code:

  |     private Inquiry getService(final String username, final String password, final boolean withAuth) throws MalformedURLException, ServiceException {
  |         Stub stub = (Stub) new InquiryService_Impl().getInquiryPort();
  |         stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8080/check-inquiry/InquiryImpl?wsdl");
  |         if (withAuth) {
  |             stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
  |             stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);
  |         }
  |         return (Inquiry) stub;
  |     }

Let's see, I've got the custom security domain configured in conf/login-config.xml.  I've read through the documentation and tried a number of things with other configuration files, like jboss-wsse-server.xml in META-INF.  Nothing has worked.  I am deploying as an ejb-jar file inside of an ear file.

I'm hoping that someone can see some inconsistency in this all that I have missed. 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4256905#4256905

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4256905

More information about the jboss-user mailing list