Did you try with username the name of the keystore and
password the password of the keyword?
Actually I have deployed a Stateless Session Bean as a
Web Service Endpoint over http and not https. I am trying
to protect the wsdl file from unauthenticated access because
examining the wsdl file can help starting a Web Service Security
related attack. Could you explain to me how you did achieve it
that authentication is required before seeing the wsdl file.
Thanks in advance,
keyword --> keystore
Folks, thanks for the replies to this issue.
I was able to get the SSL EJB endpoint to work by storing the generated .wsdl file at a separate url (a regular HTTP url) and accessing it from there in order to create my Service object. In this way, I avoided the realm authentication problems.
Then I created my Call object, using the proper SSL information and injected the realm credentials into its HTTP header just before executing the invoke() method:
Hope this helps.
I'm also experimenting with injecting the credentials into the initial Service object's HTTP header (to avoid storing the .wsdl file at a separate locatioin) but no joy so far.
By the way, the realm credentials I mentioned above have nothing to do with the SSL keystore information - these credentials have to be defined in the EJB config files (in \server\xxx\conf\props\*.properties) and directly in the bean's xdoclet code: