I want to secure my SOAP webservice with basic authentication. I searched in the knowledgebase and found this:
https://cwiki.apache.org/GMOxKB/how-do-i-enable-security-for-ejb-web-service.html So I tried and added that to my configuration, this is part my openejb-jar.xml <ejb:enterprise-beans> <ejb:session> <ejb:ejb-name>loggers-rpc</ejb:ejb-name> <ejb:web-service-security> <ejb:security-realm-name>geronimo-admin</ejb:security-realm-name> <ejb:transport-guarantee>NONE</ejb:transport-guarantee> <ejb:auth-method>BASIC</ejb:auth-method> <ejb:http-method>POST</ejb:http-method> <ejb:http-method>PUT</ejb:http-method> </ejb:web-service-security> </ejb:session> </ejb:enterprise-beans> It gave me an error "Ejb app has method permissions but no security configuration supplied in geronimo plan", so after searching around for a while i found an answer (this should be mentioned and explained in that same wiki page), so i added the following to openejb-jar.xml: <sec:security> <sec:role-mappings> <sec:role role-name="admin"> <sec:principal name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/> </sec:role> </sec:role-mappings> </sec:security> and added the following to my service: @Stateless @RolesAllowed("admin") public class RegisterBean extends BaseService implements Register { .... } The service deploys well, when I try to call it (using the soapui generic client) it with no user/password it fails (as it should), but when I use username/password it also fails. I don't know what Im missing. Can anyone give me any ideas? -- View this message in context: http://apache-geronimo.328035.n3.nabble.com/Secure-WebService-with-BASIC-Authentication-tp1354513p1354513.html Sent from the Users mailing list archive at Nabble.com.