2 Replies Latest reply on Apr 9, 2008 12:54 AM by thomas.diesler

    Basic Authentication

    jmoring Apr 1, 2008 7:35 PM

      I have a custom login module that works just fine on non-web service applications. However on web service (EJB endpoint) it is called just fine but the callback handler for the user name always returns null. I have tried annotations (@SecurityDomain, @WebContext) and I have tried using a jboss.xml but nothing seems to work.

      I have verified that the .NET 2.0 and/or .NET 3.5 client is sending the Authorization http header.

      What is the secret here!!!!


      package com.xxxxxxxx.ws.autopilot;

      import javax.annotation.security.*;
      import javax.ejb.*;
      import javax.jws.*;
      import javax.jws.soap.*;
      import org.jboss.annotation.security.*;
      import org.jboss.ws.annotation.*;

      @Stateless
      @SecurityDomain(value="MyLoginModule")
      @WebService
      (
      name="Autopilot",
      targetNamespace = "http://opas.xxxxxxxxx.net/Xxxxxxxxxxxx",
      serviceName = "AutopilotService"
      )
      @RolesAllowed("Everyone")
      @SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE)
      @WebContext(contextRoot="/Autopilot", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
      public class Autopilot
      {

      @WebMethod
      @PermitAll
      public String ping( String Value )
      {
      return Value.toUpperCase();
      }


      }

      • 2012 Views
      • Tags:
        • 1. Re: Basic Authentication
          jmoring Apr 7, 2008 11:00 AM (in response to jmoring)

          OK no replies. That either means that I posed a very stupid question or that no one know the answer. After poking around a little it appears that the web.xml that is generated in the background has no security constraint section. I don't know if that is pertinent or not. This should not be this difficult

            • Actions
          • 2. Re: Basic Authentication
            thomas.diesler
            thomas.diesler Apr 9, 2008 12:54 AM (in response to jmoring)

            The generated web.xml should have a security constraint section.

            In our testssuite, we have

            //We're declaring the domain in the jboss.xml since we have different annotation packages for AS5 and AS42
//@SecurityDomain("JBossWS")
@RolesAllowed({"friend"})


            http://jira.jboss.org/jira/browse/JBWS-2107

              • Actions