I'm trying to implement ws security authentication on a Web Service deployed on JBoss 5.1
Username, password and roles are stored in a Postgre sql database (Tables: Users(username,password), UserRoles(username,roles)).
So I start with a simple Web Service and it's client without any security.
Then I insert on login-config.xml the follow entry:
<application-policy name="TestSecurity">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option name="dsJndiName">java:/TestWSSecurityDS</module-option>
<module-option name="principalsQuery">select passwd from "public"."Users" where username = ? </module-option>
<module-option name="rolesQuery">select userroles AS Roles from "public"."UserRoles" where username = ? </module-option>
</login-module>
</authentication>
</application-policy>
On Web Service web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name> TestWs </web-resource-name>
<url-pattern>/TestWs</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TestSecurity</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
On Web Service jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/TestSecurity</security-domain>
</jboss-web>
On client I use BindingProvider to set username and password of an admin user.
But when I run the client it don't work and throw: com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
Why ? Where is the problem ?
Ok now it work !!!
The statement sql was wrong...