0 Replies Latest reply on Apr 23, 2010 10:18 AM by fboco

    Web Service authentication

    fboco

      Hi guys,

       

      I have a seam application that exposes a WebService:

       

      @Stateless
      @RemoteBinding(jndiBinding = "Test")
      @WebService()
      @SOAPBinding(style = Style.RPC)
      @Remote(TestWsRemoteInterface.class)
      public class TestWs implements TestWsRemoteInterface
      {

           @PersistenceContext()
           private EntityManager     entityManager;

           @WebMethod
           public int method1(bla bla)
           {
                 ....
              }

              ....
      }

      Now I need to secure the methods, that is only authorized users should call them. Userid and password would be sufficient and I don't need any encryption.

       

      Following this document:

       

      http://community.jboss.org/wiki/JBossWS-Authentication

       

      I changed my Web Service as follows:


      @Stateless
      @RemoteBinding(jndiBinding = "Test")
      @WebService()
      @SOAPBinding(style = Style.RPC)
      @Remote(TestWsRemoteInterface.class)
      @SecurityDomain("JBossWS")
      @RolesAllowed("friend")
      public class TestWs implements TestWsRemoteInterface
      {
      ...
      }

      Authentication doesn't work, since I am still able to call the web service's methods without any restriction. Likely I am using the wrong configuration.

       

      Can anyone provide me a configuration document / example ?

       

      My environment is jboss 5.1.0, seam 2.2.0.GA.

       

      Thank you in advance

       

      Fab