1 Reply Latest reply on Jun 12, 2006 12:15 AM by thomas.diesler

Why I need jboss-web.xml to make security works?

javerog May 31, 2006 8:25 PM

Hi there.

I'm getting involved with the web services security

From the wiki I use a simple security configuration example, and deployed my web service.

Just to be sure that it works, I ran a client with no security configuration, expecting to get an exception, but surprisingly this didn't happen, the client works just fine.

After some comparations between examples and my code I realized that I was missing the jboss-web.xml on my secured web service whit the next config:

<jboss-web>

<webservice-description>
<webservice-description-name>ProfileService</webservice-description-name>
<config-name>Standard Secure Endpoint</config-name>
</webservice-description>

</jboss-web>

I just added this file to my war file and it works as I expected, when I ran my client I got an java.rmi.RemoteException saying : "Call invocation failed with code [InvalidSecurity]..."

So this seems normal since my client doesn't have the security configuration.

The question is, why I need the jboss-web.xml in order to make the security works?

The web-service-description and config-name doesn't seem to be related to anything in my deployment file, in fact, the names that I put have nothing to do with my components or other config files.

1. Re: Why I need jboss-web.xml to make security works?

thomas.diesler Jun 12, 2006 12:15 AM (in response to javerog)

Yes, this needs to be fixed. Thanks for reporting

http://jira.jboss.com/jira/browse/JBWS-979
Actions