[jbossws-issues] [JBoss JIRA] (JBWS-3485) JBoss AS 7 requires authentication for unsecured @WebMethod

Abhijit Sarkar (JIRA) jira-events at lists.jboss.org
Fri Apr 13 20:33:47 EDT 2012


    [ https://issues.jboss.org/browse/JBWS-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12684108#comment-12684108 ] 

Abhijit Sarkar commented on JBWS-3485:
--------------------------------------

The web.xml certainly helped. I've 2 questions:
1. Is there a way I can view the generated web.xml?
2. How is the realm managed? Is it created and destroyed along with the application? I certainly did not create a realm by that name.
                
> JBoss AS 7 requires authentication for unsecured @WebMethod
> -----------------------------------------------------------
>
>                 Key: JBWS-3485
>                 URL: https://issues.jboss.org/browse/JBWS-3485
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>         Environment: Mac OS X, Apple JDK 1.6.31, JBoss AS 7.1.1.Final
>            Reporter: Abhijit Sarkar
>
> *** Not sure about component or affect versions, please excuse ***
> Have a simple EJB3 Endpoint with 3 methods, one unannotated, another annotated @PermitAll and the other one annotated @RolesAllowed. Using security domain "other" with 2 users, details shown below. JBoss returns 401 when the unannotated/unsecured method is invoked without proper authorization. It shouldn't care about authentication or authorization for the unannotated/unsecured method.
> Attached with the forum post is a project that demonstrates the problem. The post started of on an incorrect understanding but ends with the correct one so please read it fully before commenting.
> # application-users.properties #
> # is for illustration only and does not correspond to a usable password.
> #
> #admin=2a0923285184943425d1f53ddd58ec7a
> user=8544a03c79aee5b1c99458d83ee0f9e0
> guest=1bb6b7c18b5c1dab17f5141fa398905a
> # application-roles.properties #
> #
> #admin=PowerUser,BillingAdmin,
> #guest=guest
> user=AppUser
> guest=AppGuest

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


More information about the jbossws-issues mailing list