1 Reply Latest reply on Sep 24, 2009 11:30 AM by Shawn Kerstetter

    Cannot Access Secure EJB3 Web Service

    Shawn Kerstetter Newbie

      I have a web service that worked fine in AS 4.2.1GA, but since porting to 5.1.0GA, I have been unable to access it if it is secure. If I remove authMethod=BASIC setting of the WebContext, I can access the ejb, but it is not secure.

      I am using the native stack, version 3.2.0GA.

      Here is my interface definition (simplified):

      @WebService
      @SOAPBinding(style = SOAPBinding.Style.RPC)
      public interface Inquiry {
      
       String echo(@WebParam(name="echoText", mode=Mode.IN) String echoText);
      


      Here is my EJB3 definition:
      @WebService(endpointInterface="com.foo.Inquiry")
      @WebContext(contextRoot="check-inquiry", /* SEK TODO: not working */ authMethod="BASIC" /**/, secureWSDLAccess=false)
      @Stateless
      @SecurityDomain("my-security-domain")
      @TransactionAttribute(TransactionAttributeType.SUPPORTS) //we do not require a transaction. we do not perform any updates.
      @Interceptors({PerformanceProfiler.class, ExceptionLogger.class})
      public class InquiryImpl extends BasePersistentContextHolder implements Inquiry {
      
       @Override
       public String echo(final String echoText) {
       getLog().debug("echo=[" + echoText+ "]");
       return echoText;
       }
      


      Here is my jax-rpc client code:
       private Inquiry getService(final String username, final String password, final boolean withAuth) throws MalformedURLException, ServiceException {
       Stub stub = (Stub) new InquiryService_Impl().getInquiryPort();
       stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8080/check-inquiry/InquiryImpl?wsdl");
      
      
       if (withAuth) {
       stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
       stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);
       }
      
       return (Inquiry) stub;
       }
      


      Let's see, I've got the custom security domain configured in conf/login-config.xml. I've read through the documentation and tried a number of things with other configuration files, like jboss-wsse-server.xml in META-INF. Nothing has worked. I am deploying as an ejb-jar file inside of an ear file.

      I'm hoping that someone can see some inconsistency in this all that I have missed.