Hi guys,
I have a seam application that exposes a WebService:
@Stateless @RemoteBinding(jndiBinding = "Test") @WebService() @SOAPBinding(style = Style.RPC) @Remote(TestWsRemoteInterface.class) public class TestWs implements TestWsRemoteInterface { @PersistenceContext() private EntityManager entityManager; @WebMethod public int method1(bla bla) { .... } .... }
Now I need to secure the methods, that is only authorized users should call them. Userid and password would be sufficient and I don't need any encryption.
Following this document:
http://community.jboss.org/wiki/JBossWS-Authentication
I changed my Web Service as follows:
@Stateless @RemoteBinding(jndiBinding = "Test") @WebService() @SOAPBinding(style = Style.RPC) @Remote(TestWsRemoteInterface.class) @SecurityDomain("JBossWS") @RolesAllowed("friend") public class TestWs implements TestWsRemoteInterface { ... }
Authentication doesn't work, since I am still able to call the web service's methods without any restriction. Likely I am using the wrong configuration.
Can anyone provide me a configuration document / example ?
Thank you in advance
Fab