Hi guys,
I have a seam application that exposes a WebService:
@Stateless
@RemoteBinding(jndiBinding = "Test")
@WebService()
@SOAPBinding(style = Style.RPC)
@Remote(TestWsRemoteInterface.class)
public class TestWs implements TestWsRemoteInterface
{
@PersistenceContext()
private EntityManager entityManager;
@WebMethod
public int method1(bla bla)
{
....
}
....
}
Now I need to secure the methods, that is only authorized users should call them. Userid and password would be sufficient and I don't need any encryption.
Following this document:
http://community.jboss.org/wiki/JBossWS-Authentication
I changed my Web Service as follows:
@Stateless
@RemoteBinding(jndiBinding = "Test")
@WebService()
@SOAPBinding(style = Style.RPC)
@Remote(TestWsRemoteInterface.class)
@SecurityDomain("JBossWS")
@RolesAllowed("friend")
public class TestWs implements TestWsRemoteInterface
{
...
}
Authentication doesn't work, since I am still able to call the web service's methods without any restriction. Likely I am using the wrong configuration.
Can anyone provide me a configuration document / example ?
My environment is jboss 5.1.0, seam 2.2.0.GA.
Thank you in advance
Fab