[jbossws-users] [JBoss Web Services Users] - SecurityDomain ignored in webservice

meme do-not-reply at jboss.com
Fri Oct 9 05:45:16 EDT 2009 

Hi,

I hope that this is the correct forum for this webservice and security related question:

I've deployed a ejb3-webservice on a standard jboss using this annotations:


  | @Stateless
  | @SOAPBinding(style = Style.RPC)
  | @WebService(name = "ScheduleEndpoint",
  | serviceName = "ScheduleEndpointService",
  | targetNamespace = "http://my.namespace.de/ws/schedule")
  | @WebContext(contextRoot = "/ws",
  | urlPattern = "/schedule",
  | authMethod = AuthMethod.BASIC,
  | transportGuarantee = TransportGuarantee.CONFIDENTIAL,
  | secureWSDLAccess = false)
  | @SecurityDomain("MySecurity")
  | public class ScheduleBean implements ScheduleLocal, ScheduleEndpoint {
  | 

Everything is fine. The client is forced to use https. But when I try to authenticate myself the error below is shown in the jboss log.

(The same occures when I try to access the wsdl if I enable the secureWSDLAccess)

The mentioned JAAS MySecurity is working because several other webapps are working correctly with this domain.

Do I have to configure the jaas in some other points than in the @SecurityDomain annotation?

Thanks for your help!

Marc


11:27:04,088 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
  | java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
  |         at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
  |         at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
  |         at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
  |         at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |         at java.lang.reflect.Method.invoke(Method.java:597)
  |         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
  |         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |         at java.security.AccessController.doPrivileged(Native Method)
  |         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
  |         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
  |         at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
  |         at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
  |         at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
  |         at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
  |         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
  |         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
  |         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
  |         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  |         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
  |         at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
  |         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  |         at java.lang.Thread.run(Thread.java:619)

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259571#4259571

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259571

More information about the jbossws-users mailing list