-
1. Re: JAAS Security Login with JBossWS
cbax007 Apr 7, 2006 5:33 PM (in response to cbax007)
Does anyone have any thoughts on this issue? It's a bit pressing and I would appreciate any advice from anyone out there.
-
2. Re: JAAS Security Login with JBossWS
dave2 Apr 10, 2006 6:48 AM (in response to cbax007)
The best way to do this might be to use a handler:
http://labs.jboss.com/portal/jbossws/user-guide/en/html/headers-handlers.html#handlers
-
4. Re: JAAS Security Login with JBossWS
cbax007 Apr 25, 2006 1:07 PM (in response to cbax007)
Ya, I followed all of these steps and it did not work. It was working in JBoss 4.0.3 SP1 but it no longer works in JBoss 4.0.4.CR2. I'm using EJB3, so I'm setting up my security via annotations, but it should not matter. Here is some code from my bean:
    @Stateless
    @SecurityDomain("dbms")
    @RolesAllowed("dbmsuser")
    public class InventoryInfoBean implements InventoryInfo
The call initially goes through a POJO Java Service Endpoint because you did not yet have support for EJB3 service endpoints. That POJO endpoint uses JNDI to look up the EJB from above and passes the call to it. In my client, I do the following on the Stub object:
    stub._setProperty(Stub.USERNAME_PROPERTY, user);
    stub._setProperty(Stub.PASSWORD_PROPERTY, password);
And this all worked in JBoss 4.0.3 SP1 but no longer in 4.0.4CR2. Can someone please verify that this will work with the new JBossWS? Thanks.
-
5. Re: JAAS Security Login with JBossWS
cbax007 Apr 27, 2006 12:40 PM (in response to cbax007)
Has anyone got this to work with JBoss 4.0.4.CR2? I want to be sure that this works with the GA release so that we can go live on it. Thomas, are you still watching this thread?
-
6. Re: JAAS Security Login with JBossWS
anil.saldhana Apr 27, 2006 4:32 PM (in response to cbax007)
Have you enabled tracing on the server side to debug this:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ step 4.
Check the logs to see if there is any security activity on the server side.
Then follow Thomas's link from the user guide.
-
7. Re: JAAS Security Login with JBossWS
cbax007 Apr 27, 2006 5:23 PM (in response to cbax007)
No, I have not tried adding debug tracing, but I did add a soap message handler to the service so I could see the inbound soap message. The message no longer contained any security information in the soap header as it previously did when using Axis. The classes that get used on the client side to generate the request soap message are different with JBossWS, so is it possible that this piece, implementing stub._setProperty(String,String), may not have been tested with JBossWS? I know for sure that when using the Axis ws4ee-client classes, when you call stub._setProperty(String,String), it added security related information to the soap header. I just can't seem to get this to happen with JBossWS.
-
8. Re: JAAS Security Login with JBossWS
thomas.diesler Apr 29, 2006 1:13 PM (in response to cbax007)
The EndpointMetaData supports
    public void setAuthMethod(String authMethod)
    {
       this.authMethod = authMethod;
    }

    public void setTransportGuarantee(String transportGuarantee)
    {
       this.transportGuarantee = transportGuarantee;
    }
which are only called from JSR109ServerMetaDataBuilder
That means the generated web.xml will only contain these security settings for JSR109 EJB endpoints when you define them in jboss.xml
http://jira.jboss.com/jira/browse/JBWS-865
-
9. Re: JAAS Security Login with JBossWS
cbax007 May 4, 2006 5:08 PM (in response to cbax007)
Keep in mind, I'm not using an EJB endpoint. My endpoint is a POJO and it then calls the secure session bean. Will that make a difference in your fix?
-
10. Re: JAAS Security Login with JBossWS
thomas.diesler May 9, 2006 3:06 AM (in response to cbax007)
No, it would not make a difference. It is the caller's responsibility to provide the correct security credentials.
Maybe your POJO endpoint is not secured, then of course there is no security context that can automatically be propagated to the EJB layer.
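
Added example, not part of the thread or of the JBossWS documentation: one way the POJO endpoint's web application could be secured, so that an authenticated caller exists at the servlet layer before the call reaches the EJB annotated with @SecurityDomain("dbms"). The dbms domain and dbmsuser role are taken from the posts above; the URL pattern, resource name and realm name are assumptions for illustration.

```xml
<!-- WEB-INF/web.xml of the POJO endpoint's WAR (fragment inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <!-- Assumed name and URL pattern: match them to the endpoint's servlet-mapping -->
    <web-resource-name>InventoryInfoEndpoint</web-resource-name>
    <url-pattern>/InventoryInfo</url-pattern>
    <!-- No http-method elements: the constraint applies to every method,
         including the POST that carries the SOAP request -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Same role the bean demands in @RolesAllowed -->
    <role-name>dbmsuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the password base64-encoded only, so require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <!-- Assumed realm name, shown to clients in the 401 challenge -->
  <realm-name>dbms</realm-name>
</login-config>

<security-role>
  <role-name>dbmsuser</role-name>
</security-role>

<!-- WEB-INF/jboss-web.xml: bind the WAR to the same JAAS domain as the EJB -->
<jboss-web>
  <security-domain>java:/jaas/dbms</security-domain>
</jboss-web>
```

With the WAR and the bean bound to the same security domain, a request that arrives without credentials is rejected with a 401 at the web tier instead of reaching the bean with no security context.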