Web Service authentication

fabboco Apr 23, 2010 1:31 PM

Hi guys,

I have a seam application that exposes a WebService:

@Stateless
@RemoteBinding(jndiBinding = "Test")
@WebService()
@SOAPBinding(style = Style.RPC)
@Remote(TestWsRemoteInterface.class)
public class TestWs implements TestWsRemoteInterface
{

     @PersistenceContext()
     private EntityManager     entityManager;

     @WebMethod
     public int method1(bla bla)
     {
           ....
        }

        ....
}

Now I need to secure the methods, that is only authorized users should call them. Userid and password would be sufficient and I don't need any encryption.

Following this document:

http://community.jboss.org/wiki/JBossWS-Authentication

I changed my Web Service as follows:

@Stateless
@RemoteBinding(jndiBinding = "Test")
@WebService()
@SOAPBinding(style = Style.RPC)
@Remote(TestWsRemoteInterface.class)
@SecurityDomain("JBossWS")
@RolesAllowed("friend")
public class TestWs implements TestWsRemoteInterface
{
...
}

Authentication doesn't work, since I am still able to call the web service's methods without any restriction. Likely I am using the wrong configuration.

Can anyone provide me a configuration document / example ?

Thank you in advance

Fab