[jbossws-dev] [Design of JBoss Web Services] - Re: UsernameToken authentication and authorization for POJO
darran.lofthouse@jboss.com
do-not-reply at jboss.com
Tue Sep 23 08:23:01 EDT 2008
Really this should just be for POJO endpoints, EJB3 endpoint already have a mechanism available to them.
We can make it available for EJB3 endpoint, the only problem is that as part of the deployment process the jboss-web.xml for the generated web app would need the same security domain as the EJB.
Using this for EJB3 endpoint could give the ability to restrict who can use the WS endpoint without affecting who can call the bean i.e. maybe only family can call the WS but friends or family can call the EJB3 method directly.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4178280#4178280
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4178280
More information about the jbossws-dev
mailing list