0 Replies Latest reply on Oct 19, 2010 11:53 AM by asimoes

    Security question about DatabaseServerLoginModule and SOAPFaultException

    asimoes

      Hi.

I want to know how I can solve the SOAPFaultException error that JBoss sends when a valid user tries to access a role that does not belong to it.

      Example of code exception with a C# client

      import javax.annotation.Resource;
      import javax.annotation.security.DenyAll;
      import javax.annotation.security.PermitAll;
      import javax.annotation.security.RolesAllowed;
      import javax.ejb.SessionContext;
      import javax.ejb.Stateless;
      import javax.jws.WebMethod;
      import javax.jws.WebService;

      import org.jboss.ejb3.annotation.SecurityDomain;
      import org.jboss.logging.Logger;
      import org.jboss.wsf.spi.annotation.WebContext;

      // EJB3 session bean exposed as a JAX-WS endpoint. The @RolesAllowed / @PermitAll / @DenyAll
      // checks are enforced by the EJB3 RoleBasedAuthorizationInterceptor before the method body runs,
      // and a method-level annotation overrides the class-level one for that method.
      // @Stateless and @WebService are not in the original post; they are the usual annotations for
      // this kind of endpoint on JBoss 5. WebSecurity is assumed to be the endpoint interface.
      @Stateless
      @WebService
      @WebContext(contextRoot = "/HeComm", transportGuarantee = "NONE", authMethod = "BASIC", secureWSDLAccess = false)
      @SecurityDomain("DBLogin")
      @PermitAll
      @RolesAllowed({"admin", "ws"})
      public class WebSecurityBean implements WebSecurity {

          private static final Logger log = Logger.getLogger(WebSecurityBean.class);

          @Resource
          private SessionContext ctx;

          // Logs the authenticated caller. The original post does not show this helper's body;
          // this minimal version is assumed.
          private void checkPrincipal() {
              log.debug("caller principal: " + ctx.getCallerPrincipal().getName());
          }

          @WebMethod
          @RolesAllowed({"admin"})
          public String echoForAdministrator(String str) {
              checkPrincipal();
              log.debug(str);
              return str;
          }

          @WebMethod
          @PermitAll
          public String echoForAll(String str) {
              checkPrincipal();
              log.debug(str);
              return str;
          }

          @WebMethod
          @DenyAll
          public String echoForNobody(String str) {
              checkPrincipal();
              log.debug(str);
              return str;
          }

          @WebMethod
          @RolesAllowed({"ws"})
          public String echoForUser(String str) {
              checkPrincipal();
              log.debug(str);
              return str;
          }

          @WebMethod
          @RolesAllowed({"ManageUsers"})
          public String echoForManageUsers(String str) {
              checkPrincipal();
              log.debug(str);
              return str;
          }

      }

      If my C# client has an invalid user or password, JBoss sends a message telling that.

      If my C# client has a valid user and password, JBoss throws an exception in the methods that are not allowed for my user role.

      My user has role "ws", and if I call the method echoForAdministrator, echoForNobody or echoForManageUsers I get an exception that starts like this:

      ERROR [SOAPFaultHelperJAXWS] SOAP request exception

      javax.ejb.EJBAccessException: Caller unauthorized

      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)

      . . . .

      In C# I get an exception, which is OK, the user is not allowed to use this method, but why does JBoss receive an error exception from SOAP?

      Can I do something to eliminate this exception?

      I'm using JBoss 5.10 and authentication on an Oracle DB.
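The post describes two distinct failure modes a caller of this endpoint can see: rejected BASIC credentials (the login module refuses the user) and a SOAP fault carrying "javax.ejb.EJBAccessException: Caller unauthorized" (a valid user without the role the method requires). The example below, added here and not taken from the post or from JBoss, shows how a client can tell the two apart instead of trying to suppress the fault: the denial is the server's role check working as intended, and the client should treat it as a normal outcome. The HTTP 401 response and the SOAP 1.1 fault envelope are constructed samples, not captures from the poster's server; the `Outcome` names and `classify` function are this example's own.

```python
"""Client-side classification of the responses described in the post.

Constructed sample responses (not captured from the poster's JBoss server):
  - an HTTP 401 for BASIC credentials the DatabaseServerLoginModule rejects
  - a SOAP 1.1 fault whose faultstring carries the EJBAccessException text,
    returned when a valid user calls a method outside its roles
  - a normal 200 response for an allowed call
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from enum import Enum

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"


class Outcome(Enum):
    OK = "ok"
    AUTHENTICATION_FAILED = "authentication_failed"  # credentials rejected
    AUTHORIZATION_DENIED = "authorization_denied"    # valid user, role check failed
    OTHER_FAULT = "other_fault"                      # any other SOAP fault / HTTP error


@dataclass
class HttpResponse:
    status: int
    body: str


def parse_soap_fault(body: str):
    """Return (faultcode, faultstring) if body is a SOAP 1.1 Fault, else None.

    In SOAP 1.1 the faultcode/faultstring children are unqualified elements,
    so they are looked up without a namespace.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    fault = root.find(f".//{{{SOAP_ENV}}}Fault")
    if fault is None:
        return None
    return (fault.findtext("faultcode", default=""),
            fault.findtext("faultstring", default=""))


def classify(resp: HttpResponse) -> Outcome:
    """Map a raw HTTP/SOAP response to one of the outcomes a client must handle."""
    if resp.status == 401:
        # The container never reached the bean: BASIC credentials were refused.
        return Outcome.AUTHENTICATION_FAILED
    fault = parse_soap_fault(resp.body)
    if fault is None:
        return Outcome.OK if resp.status == 200 else Outcome.OTHER_FAULT
    _code, text = fault
    if "EJBAccessException" in text or "Caller unauthorized" in text:
        # Credentials were valid; the EJB3 role interceptor denied the method.
        return Outcome.AUTHORIZATION_DENIED
    return Outcome.OTHER_FAULT


# Constructed samples -------------------------------------------------------
UNAUTHENTICATED = HttpResponse(401, "")

DENIED = HttpResponse(500, """<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <env:Fault>
      <faultcode>env:Server</faultcode>
      <faultstring>javax.ejb.EJBAccessException: Caller unauthorized</faultstring>
    </env:Fault>
  </env:Body>
</env:Envelope>""")

ALLOWED = HttpResponse(200, """<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <echoForUserResponse><return>hello</return></echoForUserResponse>
  </env:Body>
</env:Envelope>""")


def demo() -> dict:
    """Run the three constructed responses through classify()."""
    return {name: classify(resp).value
            for name, resp in (("unauthenticated", UNAUTHENTICATED),
                               ("denied", DENIED),
                               ("allowed", ALLOWED))}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A client written this way keeps the server-side denial intact and simply branches on `AUTHORIZATION_DENIED`, which is the behaviour to want: the role check belongs on the server, and the fault is its evidence of having run. One thing to note from the server's side is that when the fault string carries the raw exception text, as in the constructed sample, the client learns the exception class and the interceptor's message; a generic fault message would reveal less about the container internals.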