1 Reply Latest reply on Jun 12, 2006 12:15 AM by Thomas Diesler

    Why I need jboss-web.xml to make security works?

    Gustavo Amador_Rios Newbie

      Hi there.

      I'm getting involved with the web services security

      From the wiki I use a simple security configuration example, and deployed my web service.

      Just to be sure that it works, I ran a client with no security configuration, expecting to get an exception, but surprisingly this didn't happen, the client works just fine.

      After some comparations between examples and my code I realized that I was missing the jboss-web.xml on my secured web service whit the next config:

      <jboss-web>
      
      <webservice-description>
      <webservice-description-name>ProfileService</webservice-description-name>
      <config-name>Standard Secure Endpoint</config-name>
      </webservice-description>
      
      </jboss-web>
      


      I just added this file to my war file and it works as I expected, when I ran my client I got an java.rmi.RemoteException saying : "Call invocation failed with code [InvalidSecurity]..."

      So this seems normal since my client doesn't have the security configuration.

      The question is, why I need the jboss-web.xml in order to make the security works?

      The web-service-description and config-name doesn't seem to be related to anything in my deployment file, in fact, the names that I put have nothing to do with my components or other config files.