0 Replies Latest reply on Apr 23, 2010 1:31 PM by Fabrizio Boco

    Web Service authentication

    Fabrizio Boco Newbie

      Hi guys,


      I have a seam application that exposes a WebService:




      @Stateless
      @RemoteBinding(jndiBinding = "Test")
      @WebService()
      @SOAPBinding(style = Style.RPC)
      @Remote(TestWsRemoteInterface.class)
      public class TestWs implements TestWsRemoteInterface
      {
      
           @PersistenceContext()
           private EntityManager     entityManager;
      
           @WebMethod
           public int method1(bla bla)
           {
                 ....
              }
      
              ....
      }



      Now I need to secure the methods, that is only authorized users should call them. Userid and password would be sufficient and I don't need any encryption.


      Following this document:


      http://community.jboss.org/wiki/JBossWS-Authentication


      I changed my Web Service as follows:




      @Stateless
      @RemoteBinding(jndiBinding = "Test")
      @WebService()
      @SOAPBinding(style = Style.RPC)
      @Remote(TestWsRemoteInterface.class)
      @SecurityDomain("JBossWS")
      @RolesAllowed("friend")
      public class TestWs implements TestWsRemoteInterface
      {
      ...
      }
      



      Authentication doesn't work, since I am still able to call the web service's methods without any restriction. Likely I am using the wrong configuration.


      Can anyone provide me a configuration document / example ?


      Thank you in advance


      Fab