5 Replies Latest reply on Feb 15, 2008 4:16 PM by gllambi

    WSSecureEndpoint and other security realm than JBossWS

    jjboss Jun 5, 2005 5:49 AM

      Hi.

      I have worked my way through the "WSSecureEndpoint-Tutorial" and it works nice.
      However I need my own security realm so I changed it and created an entry for it in the login-config.xml. But now I can not even create the service without login (access denied to the wsdl file). The given example only shows how to authenticate the endpoint call but not how to authenticate the service creation.
      BTW: I noticed that the wiki doesn't reflect the change from jboss4.0.1RC1 (<port-uri> became <port-component-uri>). The entry for <port-component-uri> in section "Using HTTP Basic Auth for security" is invalid AFAIK it now should be
      <port-component-uri>/OrganizationEndpoint/*</port-componenet-uri>
      Is this right? I thought I ask before I add more mistakes to the wiki...

      Second I noticed something wich I don't understand:
      When I try to acces the wsdl file via browser the browser login dialog appears and asks for the passwort for the "EJBServiceEndpointServlet Realm". Where the hell does this realm come from?
      I made a fulltext search for my jboss server dir and there was only one hit: in an web.xml in a .war-directory inside the temp/deploy-directory this realm was set as security-domain. It looks like JBoss created this war from the jar in wich I deployed my EJB.
      Is this a correct behaviour of jboss or is it a bug?

      Jan

      • 5702 Views
      • Tags:
        • 1. Re: WSSecureEndpoint and other security realm than JBossWS
          jason.greene
          jason.greene Jun 7, 2005 10:09 AM (in response to jjboss)

          Yes, this value is hardocded by the webservices layer. We currently don't offer the ability for you to change this realm. However you could always request a feature enhancement on Jira if you would like support for this. http://jira.jboss.org

          -Jason

            • Actions
          • 2. Re: WSSecureEndpoint and other security realm than JBossWS
            gllambi
            gllambi Feb 8, 2008 4:22 PM (in response to jjboss)

             

            "jason.greene@jboss.com" wrote:
            Yes, this value is hardocded by the webservices layer. We currently don't offer the ability for you to change this realm. However you could always request a feature enhancement on Jira if you would like support for this. http://jira.jboss.org

            -Jason


            If is true that you can't create domains in the context of WS-Security and EJB endpoints, could someone document it. I've been stucked with this problem for two days because I've created a realm.

            If I use JBossWS realm it works fine. Instead, the error I've got is a 401 not authorized.

            Thank you very much!

            Guzman

              • Actions
            • 3. Re: WSSecureEndpoint and other security realm than JBossWS
              gllambi
              gllambi Feb 8, 2008 4:33 PM (in response to jjboss)

              Forgot to say I'm in an interoperability scenario with a WCF client and a JBossWS service. With a Java Client and Java service it works fine with other realm than JBossWS.

              Guzman

                • Actions
              • 4. Re: WSSecureEndpoint and other security realm than JBossWS
                asoldano
                asoldano Feb 11, 2008 6:23 AM (in response to jjboss)

                 

                "gllambi" wrote:
                "jason.greene@jboss.com" wrote:
                Yes, this value is hardocded by the webservices layer. We currently don't offer the ability for you to change this realm. However you could always request a feature enhancement on Jira if you would like support for this. http://jira.jboss.org

                -Jason


                If is true that you can't create domains in the context of WS-Security and EJB endpoints, could someone document it. I've been stucked with this problem for two days because I've created a realm.

                If I use JBossWS realm it works fine. Instead, the error I've got is a 401 not authorized.

                Thank you very much!

                Guzman


                Even if you actually can't change the realm name, you can of course use/define different security domains (@SecurityDomain("...")). If this is not enough for your usecase, feel free to create a jira feature request.

                  • Actions
                • 5. Re: WSSecureEndpoint and other security realm than JBossWS
                  gllambi
                  gllambi Feb 15, 2008 4:16 PM (in response to jjboss)

                  sorry, maybe this is a basic question, but I'm new with security concepts in java. What's the difference between realm and security domain?

                  thanks
                  Guzman

                    • Actions