Christy Christy [http://community.jboss.org/people/christy] created the discussion
"web-service authentication problem" To view the discussion, visit: http://community.jboss.org/message/548931#548931 -------------------------------------------------------------- Hi to everyone! I want to secure the endpoint but do not want to secure thr wsdl file. I tried to do it two ways but I can not do it. The first way: I tried to use annotations. This is my simple POJO web-service: > @WebContext(contextRoot="/testFormats", urlPattern="/*", authMethod="BASIC", > transportGuarantee="NONE", secureWSDLAccess=false) > @SecurityDomain("JBossWS") > @RolesAllowed("friend") > @WebService( > portName = "TestFormatsPort", > serviceName = "TestFormatsService", > targetNamespace = " http://testservices/ http://testservices/" > ) > public class TestFormatsService { > @WebMethod > public int getNumber(Double d) { > ///// > } In this case wsdl is not secure, but the endpoint is not secure too. I can easy get access to web-service through client stubs. the second way: I did not used any annotations, I configured web.xml: > <web-app version='2.4' xmlns=' http://java.sun.com/xml/ns/j2ee > http://java.sun.com/xml/ns/j2ee' xmlns:xsi=' > http://www.w3.org/2001/XMLSchema-instance > http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation=' > http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee > http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd > http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd'> > <servlet> > <servlet-name>TestFormatsService</servlet-name> > <servlet-class>testservices.TestFormatsService</servlet-class> > </servlet> > <servlet-mapping> > <servlet-name>TestFormatsService</servlet-name> > <url-pattern>/*</url-pattern> > </servlet-mapping> > > <security-constraint> > <web-resource-collection> > <web-resource-name>All resources</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>friend</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > </login-config> > <security-role> > <role-name>friend</role-name> > </security-role> > </web-app> And I configured +jboss-web.xlm:+ + +> > <?xml version="1.0" encoding="UTF-8"?> > <jboss-web> > <security-domain>java:/jaas/foobar</security-domain> > </jboss-web> > In this case I have secured wsdl. Please help me to do the secure endpoint but not secure wsdl. thanks in advance -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/548931#548931] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
