6 Replies Latest reply on Feb 14, 2008 11:54 AM by Enrico Stahn

    Seam 2.x, Webservice Security

    Enrico Stahn Newbie

      Hi,

      how do i restrict access to webservice methods? I tried to add "@Restrict("#{identity.loggedIn}")" before "createTest", but if i test this with an soap client (e.g. soap ui) i getting no SOAP Exception or something else. It will return the the string "done".

      Any ideas?

      Enrico

      package org.domain.webservices;
      
      import javax.ejb.Stateless;
      import javax.jws.WebMethod;
      import javax.jws.WebParam;
      import javax.jws.WebService;
      
      import org.jboss.seam.annotations.security.Restrict;
      import org.jboss.seam.security.Identity;
      import org.jboss.wsf.spi.annotation.WebContext;
      
      @Stateless
      @WebContext(contextRoot="/TestWS")
      @WebService(name = "TestService", serviceName = "TestService")
      public class TenderNoticeCollectorService implements TenderNoticeCollectorServiceRemote
      {
       @WebMethod
       public boolean login(@WebParam(name="username") String username, @WebParam(name="password") String password) {
       Identity.instance().setUsername(username);
       Identity.instance().setPassword(password);
       Identity.instance().login();
       return Identity.instance().isLoggedIn();
       }
      
       @WebMethod
       public boolean logout() {
       Identity.instance().logout();
       return !Identity.instance().isLoggedIn();
       }
      
       @WebMethod
       @Restrict("#{identity.loggedIn}")
       public String createTest(@WebParam(name="title") String title)
       {
       return "done";
       }
      }