[jboss-user] [JBoss Web Services] - Re: Session-based web service with JBossWS?

Fri Oct 21 14:46:07 EDT 2011

Steve Cohen [http://community.jboss.org/people/stevecoh4] created the discussion

"Re: Session-based web service with JBossWS?"

To view the discussion, visit: http://community.jboss.org/message/633099#633099

--------------------------------------------------------------
Hmm, tough crowd.  38 people have looked at this an nobody's biting.  Seems like I'm really swimming against the current here - again  :( .  I always seem to wind up doing that. ;) 

But truly, my use case is valid.  I want to wrap a service as a web service so that more than hardwired clients can use it.  There is a real need for session - consider the example of a phone call.  It's not a bunch of discrete messages, it's a CONVERSATION.  That's what I'm trying to implement.

Anyhoo...

One possible solution approach I've come up with is here:

 http://docs.jboss.org/ejb3/app-server/reference/build/reference/en/html/partial_deployment_descriptors.html http://docs.jboss.org/ejb3/app-server/reference/build/reference/en/html/partial_deployment_descriptors.html

In a partial deployment descriptor I can specify METHOD-level permissions.  So, if this works, login can be protected, other methods not.

In exploring this, I soon bump up against my first problem.  As soon as I create a partial deployment descriptor, before I even put anything in it, my web service which was successfully validating every method, now fails with this:

13:29:45,877 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
    at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
...

It's no longer looking for jbossws-users.properties - now it's looking for users.properties.  

So, at this point do I need to replace jbossws-users.properties with users.properties (realizing that all this eventually goes away when I hook a real LoginModule) or is there something else I can do?

Also, will the @PermitAll annotation conflict with the JBoss @WebContext.authMethod stuff?

Thanks.
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/633099#633099]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20111021/325cd5b3/attachment.html 