[jbossws-users] Require authentication for everything but the WSDL

Alexandros Karypidis akarypid at yahoo.gr
Tue Jul 29 06:19:03 EDT 2008 

Basically, I'm looking for the correct security constraint for the
deployment descriptor. The "servlet" (it's a @WebService-annotated POJO
really) has a security constraint in the web.xml as follows:

    <servlet>
        <servlet-name>MyService</servlet-name>
        <servlet-class>
            mytest.MyService
        </servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>MyService</servlet-name>
<!-- The URLs are redirected to the jbossws wrapper-servlet -->
        <url-pattern>/MyService/*</url-pattern>
    </servlet-mapping>
<!-- Here comes the problem -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>
                Whatever...
            </web-resource-name>
<!-- Can I specify something here that will allow the WSDL to be
accessed? -->
<!-- It is published at: http://localhost:8080/MyService?wsdl -->
            <url-pattern>/MyService/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SOMEROLE</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>SOMEROLE</role-name>
    </security-role>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>


Alexandros Karypidis wrote:
> Hello all,
>
> This is a beginner question.
>
> I've been using the instructions here:
> http://jbws.dyndns.org/mediawiki/index.php/JAX-WS_User_Guide
>
> I've successfully created a POJO web service and published it as a 
> servlet in JBoss 4.2.2. I also created a user / role in the jbossws 
> security realm and restricted access to my web service using web.xml.
>
> ===> The problem is: the way I've configured things, JBoss asks me for 
> a password even when trying to access the WSDL. If I download the 
> published WSDL with Firefox and save it locally, my test client can 
> read it and then accesses the web services successfully (using the 
> BindingProvider properties). I would like to retrieve the WSDL from 
> the server as follows:
>
>        URL wsdlURL = new URL(
>                "file:///path/to/MyTestService.wsdl");  //<==== THIS WORKS
>
> //        URL wsdlURL = new URL(
> //                
> "http://localhost:8080/jbossws/services/MyTestService?wsdl");
> //       <====  THE ABOVE FAILS BECAUSE IT REQUIRES HTTP BASIC AUTH ====>
>
>
>        QName serviceName = ...;
>        Service s = Service.create(wsdlURL, serviceName);
>        MyService ms = (MyService) s.getPort(MyService.class);
>        BindingProvider bp = (BindingProvider) rs;
>        bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
>                "xxx");
>        bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
>                "yyy");
>
>
> _______________________________________________
> jbossws-users mailing list
> jbossws-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jbossws-users

More information about the jbossws-users mailing list