[jbossws-users] Require authentication for everything but the WSDL
Alexandros Karypidis
akarypid at yahoo.gr
Tue Jul 29 06:19:03 EDT 2008
Basically, I'm looking for the correct security constraint for the
deployment descriptor. The "servlet" (it's a @WebService-annotated POJO
really) has a security constraint in the web.xml as follows:
<servlet>
<servlet-name>MyService</servlet-name>
<servlet-class>
mytest.MyService
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MyService</servlet-name>
<!-- The URLs are redirected to the jbossws wrapper-servlet -->
<url-pattern>/MyService/*</url-pattern>
</servlet-mapping>
<!-- Here comes the problem -->
<security-constraint>
<web-resource-collection>
<web-resource-name>
Whatever...
</web-resource-name>
<!-- Can I specify something here that will allow the WSDL to be
accessed? -->
<!-- It is published at: http://localhost:8080/MyService?wsdl -->
<url-pattern>/MyService/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>SOMEROLE</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>SOMEROLE</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
Alexandros Karypidis wrote:
> Hello all,
>
> This is a beginner question.
>
> I've been using the instructions here:
> http://jbws.dyndns.org/mediawiki/index.php/JAX-WS_User_Guide
>
> I've successfully created a POJO web service and published it as a
> servlet in JBoss 4.2.2. I also created a user / role in the jbossws
> security realm and restricted access to my web service using web.xml.
>
> ===> The problem is: the way I've configured things, JBoss asks me for
> a password even when trying to access the WSDL. If I download the
> published WSDL with Firefox and save it locally, my test client can
> read it and then accesses the web services successfully (using the
> BindingProvider properties). I would like to retrieve the WSDL from
> the server as follows:
>
> URL wsdlURL = new URL(
> "file:///path/to/MyTestService.wsdl"); //<==== THIS WORKS
>
> // URL wsdlURL = new URL(
> //
> "http://localhost:8080/jbossws/services/MyTestService?wsdl");
> // <==== THE ABOVE FAILS BECAUSE IT REQUIRES HTTP BASIC AUTH ====>
>
>
> QName serviceName = ...;
> Service s = Service.create(wsdlURL, serviceName);
> MyService ms = (MyService) s.getPort(MyService.class);
> BindingProvider bp = (BindingProvider) rs;
> bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
> "xxx");
> bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
> "yyy");
>
>
> _______________________________________________
> jbossws-users mailing list
> jbossws-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jbossws-users
More information about the jbossws-users
mailing list