[jbossws-users] [JBossWS] - Trying to use jboss.xml instead of @WebContext

Markus Schulz msc at antzsystem.de
Fri Aug 1 07:04:30 EDT 2008


Am Freitag, 1. August 2008 schrieb karypid:
> Hello,
>
> I'm trying to secure a web service with basic http authentication,
> but I want to keep all JBoss-specific configuration out of my code.
> Therefore, I need some pointers as to how to express the @WebContext
> annotation (used to specify BASIC http authentication) in the
> jboss.xml deployment descriptor.
>
> In more detail:
>
> I have my service implemented as a stateless session bean. I have
> found the following code works perfectly to require authorization,
> but uses JBoss-specific annotations (marked in bold font):
>
> @Stateless
>
>   | @WebService at SecurityDomain("JBossWS")@RolesAllowed("someRole")@We
>   |bContext(authMethod = "BASIC", transportGuarantee = "NONE",
>   | secureWSDLAccess = false)public class MyWSBean { //...
>   | }
>
> I therefore remove the @SecurityDomain and @WebContext annotations
> and added a jboss.xml deployment descriptor as follows:
>
> <?xml version="1.0" encoding="UTF-8"?>
>
>   | <jboss>	<security-domain>java:/jaas/JBossWS</security-domain>	<en
>   |terprise-beans> <session>
>   | 			<ejb-name>MyWSBean</ejb-name>
>   | 			<port-component>
>   | 				<port-component-name>MyWSBean</port-component-name>				<auth-
>   |method>BASIC</auth-method>			</port-component> </session>
>   | 	</enterprise-beans>
>   | </jboss>

i have exactly the same problem. Only the port-component seems to be 
ignored, cause changing the jndi-name inside <session> for a bean works 
fine.

-- 
Markus Schulz



More information about the jbossws-users mailing list