Hello,
I am using the very latest: JBossAS 4.2.3.GA and JBossWS-Native 3.0.3.GA.
When my EJB is coded as follows:
    @Stateless
    @WebService(
        serviceName = "MyBasicWS", portName = "MyBasicWSSOAP",
        targetNamespace = "http://www.example.org/MyBasicWS/",
        endpointInterface = "org.example.mybasicws.MyBasicWS")
    @WebContext(authMethod = "BASIC")
    @RolesAllowed("friend")
    public class MyBasicWSImpl {
        public String echo(String in) {
            System.out.println("RECEIVED: " + in);
            return in;
        }
    }
I use the following jboss.xml to set the security domain:
    http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd">
    java:/jaas/JBossWS
    myBasicWS
Everything works like a charm with the combination above (I must access the EJB
as kermit/thefrog from the default jbossws-.properties files). However, I
want to get rid of the @WebContext annotation. My idea (which does not work) is
the following combination:
    @Stateless
    @WebService(
        serviceName = "MyBasicWS", portName = "MyBasicWSSOAP",
        targetNamespace = "http://www.example.org/MyBasicWS/",
        endpointInterface = "org.example.mybasicws.MyBasicWS")
    //@WebContext(authMethod="BASIC")
    //Undesirable
    //The above should be picked up from jboss.xml
    @RolesAllowed("friend")
    public class MyBasicWSImpl {
        public String echo(String in) {
            System.out.println("RECEIVED: " + in);
            return in;
        }
    }
Then, I try to express that the EJB must use BASIC authentication method as
follows:
    http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd">
    java:/jaas/JBossWS
    myBasicWS
    MyBasicWSImpl
    MyBasicWSSOAP
    BASIC
In this case however, the client throws an authorization failure exception:
    javax.xml.ws.soap.SOAPFaultException: Authorization failure
        at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SOAPFaultHelperJAXWS.java:77)
        at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFaultException(SOAP11BindingJAXWS.java:107)
        at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(CommonSOAPBinding.java:577)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:381)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:291)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:170)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
        at $Proxy19.echo(Unknown Source)
        at test.TestBasicWS.basicAuthTest(TestBasicWS.java:41)
On the server side, I see this:
    15:41:47,349 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[friend], principalRoles=[]
    15:41:47,349 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
    javax.ejb.EJBAccessException: Authorization failure
        at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:120
Apparently, JBoss disregards the BASIC-auth and does NOT assign a principal to
the session. Therefore the role-based authenticator denies access to the method
(as it should).
Apparently, my jboss.xml does not tell JBoss to associate basic-auth with the
published web service. I was suspicious of what I should put in the
"port-component-name" value. Supposedly, the documentation says: Maps to the
port-component-name in the webservices.xml descriptor. However, I do not use a
webservices.xml file but use the @WebService annotation instead.
In the code above I use the value for the "portName" attribute of @WebService
but I also tried the ejb-name (MyBasicWSImpl) and the serviceName (MyBasicWS)
with no luck.
Any clues as to how I can achieve this while keeping the code JBoss-clear?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171766#4171766
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
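
Added example, not part of the original post or of JBoss: a small log triage that separates the failure described above (principal=null, so no caller identity ever reached the EJB container) from a denial where the caller was authenticated but lacks the role. The function name triage and the second sample entry are constructed for illustration; the first sample entry is the denial quoted in the post.

```python
import re

# Denial format as quoted in the post (EJB3 RoleBasedAuthorizationInterceptor).
# \s+ between tokens tolerates entries that were line-wrapped in transit.
DENIAL = re.compile(
    r"\[RoleBasedAuthorizationInterceptor\]\s+Insufficient\s+permissions,\s*"
    r"principal=(?P<principal>[^,\s]+),\s*"
    r"requiredRoles=\[(?P<required>[^\]]*)\],\s*"
    r"principalRoles=\[(?P<held>[^\]]*)\]"
)

# First entry: the denial from the post. Second entry: constructed for contrast.
SAMPLE_LOG = """\
15:41:47,349 ERROR [RoleBasedAuthorizationInterceptor] Insufficient
permissions, principal=null, requiredRoles=[friend], principalRoles=[]
15:52:10,101 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=kermit, requiredRoles=[admin], principalRoles=[friend]
"""


def _roles(text):
    """Split the bracketed role list into a sorted list of names."""
    return sorted(r.strip() for r in text.split(",") if r.strip())


def triage(log_text):
    """Classify each denial: no caller identity vs. identity lacking a role."""
    findings = []
    for m in DENIAL.finditer(log_text):
        principal = m.group("principal")
        if principal == "null":
            # No identity reached the EJB container: the request was never
            # authenticated, so check the auth-method / security-domain setup.
            kind, principal = "unauthenticated", None
        else:
            # An identity was established: check the role mapping instead.
            kind = "missing-role"
        findings.append({
            "kind": kind,
            "principal": principal,
            "required": _roles(m.group("required")),
            "held": _roles(m.group("held")),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```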