WebServices returning 403 Forbidden
sergiu_pienar May 6, 2015 4:55 AMI have a web-service that is derived from a SLSB.
The class has the following annotations:
@Stateless
@TransactionAttribute(TransactionAttributeType.REQUIRED)
@Local({ ConfigLocal.class })
@Remote({ ConfigRemote.class })
@WebService(name = "ConfigService", serviceName = "ConfigService")
@WebContext(contextRoot = "/service", urlPattern = "/ConfigService", secureWSDLAccess = false, authMethod = "BASIC", transportGuarantee = "NONE")
@SecurityDomain(value = "myRealm")
In it there is a single method annotated like this:
@EjbInterface(type = EjbInterface.Type.BOTH)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
@RolesAllowed({ "VI_INTERNAL_SYSTEM" })
public String getVersion() {
return Config.getInstance().getSixDVersion();
}
The web-service subsystem is defined as such:
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config">
<pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
<handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
</pre-handler-chain>
</endpoint-config>
</subsystem>
and the realm "myRealm" is defined:
<security-domain name="myRealm" cache-type="default">
<authentication>
<login-module code="com.myBiz.login.LoginModule" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
<module-option name="hashAlgorithm" value="SHA"/>
<module-option name="hashEncoding" value="BASE64"/>
<module-option name="principalsQuery" value="SELECT ...."/>
<module-option name="rolesQuery" value="SELECT ...."/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
The problem I'm facing is that every time I try to consume this web-service I'm getting a 403 Forbidden response.
Any ideas on what I'm doing wrong ?