Hi
I'm looking forward to expose secured EJB webservice endpoint. My EJB is protected with JAAS security domain (DatabaseLoginModule with ClientLoginModule works fine). I'm able to deploy EJB as a webservice using annotations. All works really well. When i call webservice within a client code i can call EJB WebMethods that has @PermitAll annotation. My problem occurs with methods that are allowed only for JAAS authorized users (@RolesAllowed({...})). When i call such a method i recive
Caused by: java.lang.SecurityException: Insufficient permissions, principal=null, requiredRoles=[showKlient], principalRoles=[]
You need to use the port-component tags in the jboss.xml descriptor. You need to set the auth-method to CLIENT-CERT. See this wiki entry:
[url]http://wiki.jboss.org/wiki/Wiki.jsp?page=WS4EESecureEndpoint[/ur]
-Jason