Security Domain Not Recognized?
jimmy001 Jun 27, 2013 4:47 AMHello,
I am trying to secure an ejb based webservice. For this I am using a security-domain, which I am already using for a web application deployed in the same ear file.
The problem seems to be, that calling the webservice doesn't trigger the login-module for which I can't find any explanation. The Login Module prints logging data, when logging into the web application, but a WS-Call doesn't show any log entries.
I am using JBoss 7.1.0 and I am migrating the webservices from JBoss 5.1.0 if this is of any relevance.
Perhaps someone here sees something that I am missing (perhaps some configuration element for the cfx stack?). These are the relevant code fragements:
@WebService(targetNamespace = "http://www.organisation.de/demo/process", name = "ProcessServiceIntern") @WebContext(contextRoot = "demoWsIntern", authMethod = AuthMethod.BASIC, transportGuarantee = "NONE", secureWSDLAccess = false) @SOAPBinding(style = Style.DOCUMENT, parameterStyle = ParameterStyle.WRAPPED) @SecurityDomain("demoWs") @RolesAllowed("WS_Role_G") @Stateless public class ProcessServiceIntern
<security-domain name="demoWs" cache-type="default"> <authentication> <login-module code="com.organisation.auth.WebServiceLoginModule" flag="required" module="com.organisation"> <module-option name="principalClass" value="org.jboss.security.SimplePrincipal"/> <module-option name="databaseClass" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/> </login-module> </authentication> </security-domain>
ID: 14 Address: http://localhost:8080/demoWsIntern/ProcessServiceIntern?wsdl=IProcessServiceIntern.wsdl Http-Method: GET Content-Type: Headers: {Accept=[text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2], connection=[keep-alive], Content-Type=[null], host=[localhost:8080], user-agent=[Java/1.7.0_21]} -------------------------------------- 09:43:03,158 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1) Setting threadlocal:null 09:43:03,472 INFO [org.apache.cxf.interceptor.LoggingInInterceptor] (http--127.0.0.1-8080-1) Inbound Message ---------------------------- ID: 15 Address: http://localhost:8080/demoWsIntern/ProcessServiceIntern Encoding: UTF-8 Http-Method: POST Content-Type: text/xml;charset="utf-8" Headers: {Accept=[text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2], Authorization=[Basic d3NUZXN0OdF3aW8wVGFiOGV0dA==], connection=[keep-alive], Content-Length=[255], content-type=[text/xml;charset="utf-8"], host=[localhost:8080], SOAPAction=[""], user-agent=[JAX-WS RI 2.1.3-b02-]} Payload: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:listActiveProcessesIntern xmlns:ns2="http://process.ws.demo/"><arg0>demoUser</arg0></ns2:listActiveProcessesIntern></S:Body></S:Envelope> -------------------------------------- 09:43:03,476 ERROR [org.jboss.ejb3.invocation] (http--127.0.0.1-8080-1) JBAS014134: EJB Invocation failed on component ProcessServiceIntern for method public demo.ws.process.ProcessListResponseIntern demo.ws.process.ProcessServiceIntern.listActiveProcessesIntern(java.lang.String): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public demo.ws.process.ProcessListResponseIntern demo.ws.process.ProcessServiceIntern.listActiveProcessesIntern(java.lang.String) of bean: ProcessServiceIntern is not allowed at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.webservices.invocation.AbstractInvocationHandlerEJB.invoke(AbstractInvocationHandlerEJB.java:112) at org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:181) at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:127)
Thx for your help.
Jimmy