-
1. Re: Seam 2.x, Webservice Security
shane.bryzak Jan 29, 2008 5:58 AM (in response to estahn)Does it work if you put the @Restrict(s) in the remote interface instead?
-
2. Re: Seam 2.x, Webservice Security
estahn Jan 29, 2008 7:42 AM (in response to estahn)Hi Shane,
thanks for your reply. It doesn't work either if i put it in the remote interface.
Any other ideas?
Enrico -
3. Re: Seam 2.x, Webservice Security
shane.bryzak Jan 29, 2008 8:48 AM (in response to estahn)I just tested this by putting a @Restrict in the seamBay example in AuctionService.listCategories() then calling the web service via the test page in the seam-bay app.
@WebMethod @Restrict("#{s:hasRole('admin')}") public Category[] listCategories()
This successfully returned the following SOAP fault when I tried to invoke the method without logging in:<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header></env:Header> <env:Body> <env:Fault xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <faultcode>env:Server</faultcode> <faultstring>org.jboss.seam.security.NotLoggedInException</faultstring> </env:Fault> </env:Body> </env:Envelope>
I'm guessing that you probably have a configuration problem somewhere. I would start by comparing your project to seamBay to see if there's any obvious configuration differences. -
4. Re: Seam 2.x, Webservice Security
shane.bryzak Jan 29, 2008 8:52 AM (in response to estahn)Silly me! I also forgot to mention that if you want the security interceptors to work, your web service class needs to be a Seam component :) (give it a @Name)
-
5. Re: Seam 2.x, Webservice Security
estahn Feb 14, 2008 5:03 AM (in response to estahn)Hi Shane,
thanks for all your efforts and sorry for the delay. Actually, I don't know where I have to search the error. Everythink works well except the SOAP method security. The seambay example don't help me either because the files at all looks like the ones I have in my project. I created a test project with Eclipse. I would appreciate if you could have a look and tell me what's wrong. My workstation is running with the following configuration:
JBoss AS v4.2
Seam 2.0
JDK 1.5
http://blog.enricostahn.com/uploads/TestSeamWebserviceSecurity-ear.ear
http://blog.enricostahn.com/uploads/TestSeamWebserviceSecurity-ds.xml
I use soapUi to send the following request to the method test() (http://127.0.0.1:8080/TestSeamWebserviceSecurityWS/TestSeamWebserviceSecurityService?wsdl ).
Enrico -
6. Re: Seam 2.x, Webservice Security
estahn Feb 14, 2008 11:54 AM (in response to estahn)Seems that I have used the wrong version of Seam (Seam 2.0.0.GA).
Release Notes - JBoss Seam - Version 2.0.1.CR1
** Bug
* [JBSEAM-2238] - SecurityInterceptor not invoked for Web Service requests
Will check that out tomorrow.