0 Replies Latest reply on Jan 30, 2012 10:44 AM by method_ben_qc

    SecurityDomain - @RolesAllowed annotation doesn't work.

    method_ben_qc Newbie



      I have an EJB-based Web Service like this:


      import javax.ejb.Stateless;

      import javax.jws.WebMethod;

      import javax.jws.WebParam;

      import javax.jws.WebService;

      import org.jboss.ejb3.annotation.SecurityDomain;

      import org.jboss.ws.api.annotation.WebContext;

      import javax.annotation.security.RolesAllowed;


      @Stateless(name = "TestService")

      @SecurityDomain(value = "WebServiceDatabaseAuth")

      @WebContext(contextRoot = "/internal/MyDomain", urlPattern = "/TestService", authMethod = "BASIC", transportGuarantee = "NONE", secureWSDLAccess = true)

      @WebService(serviceName = "TestService", targetNamespace = "urn:com:mytest:si")

      @RolesAllowed( { "Role1","Role2" })


      public class TestServiceBean



           @RolesAllowed( { "Role1" })

           public void testMethod()





      I have two users:


      - user1 who has role Role1 then he can access to the WSDL and the method.

      - user2 who has role Role2 then he can access to the WSDL only.


      If I call the wsdl (http://localhost:8080/internal/MyDomain/TestService?WSDL) with user1, I can access to the wsdl definition and call testMethod(). But if I call the wsdl with user2, I get a HTTP Status 403 - Access to the requested resource has been denied. I'm not able to get the wsdl definition if I use the user2 and I don't understand why? I'm migrating from JBoss 4.2.3 to 7.0.2 and I didn't have this problem before. I double checked my security subsystem configuration in my standalone.xml and every thing is ok. I think the authentication is good but the authorization doesn't seem to work correctly.


      But, if I change @RolesAllowed of testMethod() to:



           @RolesAllowed( { "Role1", "Role2" })

           public void testMethod()




      Then I can get the wsdl definition with user2.


      Anybody have an explication


      Thank you.