-
1. Re: Username token Profile and JAAS Authentication
cboatwright Oct 3, 2006 11:00 PM (in response to kdeboer)I may not totally be answering your question, but it may be related to something I ran into and that was assuming the generate WAR file (and I'm working with EJB3 endpoints) would contain the proper security constraints. I couldn't get the annotations to work for that, so I created the jboss-web.xml and web.xml and packaged my own WAR and it worked fine.
Look at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=91699 for my post that touches on this.
I have a JAAS module doing the login and creates a Principal which my EJB3 endpoint can access. Also loads the roles so my EJB3's "@RolesAllowed" annotation is honored. -
2. Re: Username token Profile and JAAS Authentication
kdeboer Oct 4, 2006 7:21 AM (in response to kdeboer)Thanks for sharing your thoughts. But i am using webservices based upon servlets, because we use a WSDL first approach (specify the contract first with xml schema support). The generated code with WSCompile / WSTools generates servlet based endpoints. SO i am not using annotiations nor ejbs. But do you also use username profile tokens in the soap header?
If your approach works i would be very interested to know