5 Replies Latest reply on Feb 15, 2008 4:16 PM by Guzman Llambi­as

    WSSecureEndpoint and other security realm than JBossWS

    Jan Peter Stotz Newbie

      Hi.

      I have worked my way through the "WSSecureEndpoint-Tutorial" and it works nice.
      However I need my own security realm so I changed it and created an entry for it in the login-config.xml. But now I can not even create the service without login (access denied to the wsdl file). The given example only shows how to authenticate the endpoint call but not how to authenticate the service creation.
      BTW: I noticed that the wiki doesn't reflect the change from jboss4.0.1RC1 (<port-uri> became <port-component-uri>). The entry for <port-component-uri> in section "Using HTTP Basic Auth for security" is invalid AFAIK it now should be
      <port-component-uri>/OrganizationEndpoint/*</port-componenet-uri>
      Is this right? I thought I ask before I add more mistakes to the wiki...

      Second I noticed something wich I don't understand:
      When I try to acces the wsdl file via browser the browser login dialog appears and asks for the passwort for the "EJBServiceEndpointServlet Realm". Where the hell does this realm come from?
      I made a fulltext search for my jboss server dir and there was only one hit: in an web.xml in a .war-directory inside the temp/deploy-directory this realm was set as security-domain. It looks like JBoss created this war from the jar in wich I deployed my EJB.
      Is this a correct behaviour of jboss or is it a bug?

      Jan