I encountered a problem and I don't know how to resolve it.
I have an application deployed on jboss-4.0.5GA (jbossws upgraded to 
jbossws-1.2.1.GA). Part of the application is a stateless session bean deployed 
as a WebService.
@WebService(name = "CtxManager", serviceName = "CtxManagerService",
    targetNamespace = WSConstants.TARGET_NAMESPACE)
@WebContext(contextRoot = ctxWS, authMethod = "BASIC",
    transportGuarantee = "CONFIDENTIAL", secureWSDLAccess = true)
@Stateless
@SecurityDomain("myApplicationPolicyName")
@RolesAllowed("cuser")
public class CtxManagerBean implements CtxManager{
...
@WebMethod
    public boolean hasActiveCall(@WebParam(name = "dialNumber"){...}
...
}
The same application also has a Seam component:
@Stateless
@Name("orgUnitBrowser")
@Restrict("#{s:hasRole('cuser')}")
public class OrgUnitBrowserBean implements OrgUnitBrowserLocal{...}

When I try to invoke the CtxManagerBean.hasActiveCall method from orgUnitBrowser, 
I get an authorization failure ([RoleBasedAuthorizationInterceptor] Insufficient 
permissions, principal=null, requiredRoles=[cuser], principalRoles=[]).

When I invoke the WS method from my WS client, authentication/authorization works 
fine. The web page (a JSF page that invokes an orgUnitBrowser method that invokes 
the ctxManager method) is also protected.
login-config.xml:
...
  |     <application-policy name = "myApplicationPolicyName">
  |         <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "dsJndiName">java:/myDataSource</module-option>
  |              <module-option name = "principalsQuery">SELECT password FROM USERS WHERE username=?</module-option>
  |              <module-option name = "rolesQuery">SELECT r.description, 'Roles'
  |                      FROM USERS u
  |                      JOIN USERS_ROLE ur ON ur.users_id=u.id
  |                      JOIN ROLE r ON ur.roles_id=r.id
  |                      AND u.username=?
  |              </module-option>
  |           </login-module>
  |           <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
  |         </authentication>
  |     </application-policy>
  | ...
components.xml:
...
  |    <drools:rule-base name="securityRules">
  |        <drools:rule-files>
  |            <value>/security.drl</value>
  |        </drools:rule-files>
  |    </drools:rule-base>
  | 
  |    <security:identity  jaas-config-name="myApplicationPolicyName"
  |                            security-rules="#{securityRules}"/>
  | ...
page.xml:
...
  | <page view-id="/cuser/*" login-required="true">
  |     <restrict>#{s:hasRole('cuser')}</restrict>
  | </page>
  | ...
What else should I define/change to resolve the problem?


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4044946#4044946

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user