5 Replies Latest reply on Aug 17, 2008 6:53 AM by Kamil Demecki

    Web Service URL pattern

    Alexandros Karypidis Novice


      I have a war file that publishes a POJO web service in JBoss (using the native stack in JBoss AS 4.2.2, which is probably JBossWS 2.0.1). I am trying to restrict access to the web service to authenticated users only. Adding a security-constraint in the deployment descriptor of the war with the * (asterisk) wild-character gets the job done. However, it also restricts access to the auto-generated WSDL published by JBoss.

      This is because JBoss publishes the WSDL under the servlet prefix, adding a ?wsdl parameter. For instance:


      The above causes the web service to be published under:

      and the WSDL is published under

      As a result, clients that try to access the stub generated with wsimport have a problem accessing the WSDL and fail. I need to keep a copy of the WSDL on the client for things to work as follows:

      URL wsdlURL = Launcher.class.getResource("MyTestWS.wsdl");
      // URL wsdlURL = new URL("http://localhost:8080/MyTestWS?wsdl"); // does not work
       QName serviceName = new QName("...",
       MyTestWSService rss = new MyTestWSService(wsdlURL,
       MyTestWS rs = rss.getMyTestWSPort();
       BindingProvider bp = (BindingProvider) rs;
       String t = rs.secureHello();

      The client is able to log in and access the MyTestWS web service when using a local copy of the WSDL only. How can I avoid this? I would like to have the client access the WSDL from the server. I need a way to either:

      1) publish the WSDL in another URL
      2) restrict access to the web service URL but put an exception for URL?wsdl
      3) set the login credentials earlier (as I do with BindingProvider) so that the WSDL can be accessed to construct the stub.

      I don't know how to do any of the above....