Steve Cohen [http://community.jboss.org/people/stevecoh4] created the discussion
"Re: Session-based web service with JBossWS?" To view the discussion, visit: http://community.jboss.org/message/633138#633138 -------------------------------------------------------------- OK, I keep learning more stuff but it's not getting me where I want to be but I feel I'm getting close. Here http://download.oracle.com/docs/cd/E19879-01/819-3669/bnbyw/index.html http://download.oracle.com/docs/cd/E19879-01/819-3669/bnbyw/index.html I find that the javax.annotation.security annotations can be placed on methods as well as classes. Great, that is what I was missing. Everything compiles, deploys without a hitch. Alas, it doesn't work: package org.javactivity.ws.ejb; import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed; import javax.ejb.Stateless; import javax.jws.HandlerChain; import javax.jws.WebService; import javax.jws.soap.SOAPBinding; import org.jboss.ejb3.annotation.SecurityDomain; import org.jboss.wsf.spi.annotation.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @Stateless @WebContext( contextRoot="attrsws-ejb", urlPattern="/*", authMethod = "BASIC", secureWSDLAccess = false) @SecurityDomain(value = "JBossWS") @WebService(targetNamespace = "http://org.javactivity/MyService/", portName="MyServiceSOAP", serviceName="MyService", endpointInterface="org.javactivity.ws.ejb.MyServicePort") @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, parameterStyle = SOAPBinding.ParameterStyle.BARE) @HandlerChain(file = "handlers.xml") public class MyServicePortImpl implements MyServicePort { private static final Logger log = LoggerFactory.getLogger(MyServicePortImpl.class); private static int nextSession = 0; @Override @PermitAll public int foo(UserTypeType usertype, String username, String key) { nextSession++; log.debug("foo returning a value of {}", nextSession); return nextSession; } @Override @RolesAllowed("friend") public int login(UserIdentity identity) { nextSession++; log.debug("Login returning a value of {}", nextSession); return nextSession; } } If I supply a bad password, neither method allows access. If I supply a good password, both methods allow access. The annotations are not being recognized. What ELSE must I do to get these method permissions recognized by JBoss? -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/633138#633138] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
_______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user