Hi,
I use JBoss 3.2.3. I wrote a simple web service and a simple client in Java. And I want to protect my service using application's realm, so I added Jboss authentification and autorisation handlers to my service. When I deploy my application (ear containing war and wsr) for the first time - I get the "Access Denied" exception from JBoss autorisation handler. When I deploy for the second time my application - everything works fine.
Any Ideas ?
My web-services.xml :
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name="TariffService" provider="java:RPC"> <parameter name="className" value="TariffService"/> <parameter name="allowedMethods" value="getTariff"/> <requestFlow name="TariffServiceRequest"> <handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler"> <parameter name="securityDomain" value="java:/jaas/pilot"/> <parameter name="validateUnauthenticatedCalls" value="false"/> </handler> <handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler"> <parameter name="securityDomain" value="java:/jaas/pilot"/> <parameter name="allowedRoles" value="user"/> <parameter name="deniedRoles" value=""/> </handler> </requestFlow> <responseFlow name="TariffServiceResponse"> </responseFlow> </service> </deployment>
public class TariffService { public int getTariff(String type) { System.out.println("Tariff service invoked: type='" + type + "'"); int result = 0; if( type.equalsIgnoreCase("AUTO") ) { result = 350; } else if( type.equalsIgnoreCase("HABITATION") ) { result = 250; } else if( type.equalsIgnoreCase("LIFE") ) { result = 200; } return result; } }