[jboss-user] [JBoss Web Services] - Re: Session-based web service with JBossWS?

Steve Cohen do-not-reply at jboss.com
Sat Oct 22 11:17:49 EDT 2011 

Steve Cohen [http://community.jboss.org/people/stevecoh4] created the discussion

"Re: Session-based web service with JBossWS?"

To view the discussion, visit: http://community.jboss.org/message/633138#633138

--------------------------------------------------------------
OK, I keep learning more stuff but it's not getting me where I want to be but I feel I'm getting close.

Here

 http://download.oracle.com/docs/cd/E19879-01/819-3669/bnbyw/index.html http://download.oracle.com/docs/cd/E19879-01/819-3669/bnbyw/index.html

I find that the javax.annotation.security annotations can be placed on methods as well as classes.  Great, that is what I was missing.  Everything compiles, deploys without a hitch.  Alas, it doesn't work:  


package org.javactivity.ws.ejb;
 
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.jws.HandlerChain;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
 
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.wsf.spi.annotation.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
 
@Stateless
 
@WebContext(
        contextRoot="attrsws-ejb", 
        urlPattern="/*",
        authMethod = "BASIC",
        secureWSDLAccess = false)
@SecurityDomain(value = "JBossWS")
 
@WebService(targetNamespace = "http://org.javactivity/MyService/", 
portName="MyServiceSOAP",
serviceName="MyService", 
endpointInterface="org.javactivity.ws.ejb.MyServicePort")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT, parameterStyle = SOAPBinding.ParameterStyle.BARE) 
@HandlerChain(file = "handlers.xml") 
 
public class MyServicePortImpl implements MyServicePort {
    private static final Logger log = LoggerFactory.getLogger(MyServicePortImpl.class);
    private static int nextSession = 0;
 
    @Override
    @PermitAll
    public int foo(UserTypeType usertype, String username, String key) {
        nextSession++;
        log.debug("foo returning a value of {}", nextSession);
        return nextSession;
    }
    @Override
    @RolesAllowed("friend")
    public int login(UserIdentity identity) {
        nextSession++;
        log.debug("Login returning a value of {}", nextSession);
        return nextSession;
    }
}
 

If I supply a bad password, neither method allows access.  If I supply a good password, both methods allow access.  The annotations are not being recognized. 

What ELSE must I do to get these method permissions recognized by JBoss?
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/633138#633138]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20111022/5af3b9aa/attachment-0001.html

More information about the jboss-user mailing list