0 Replies Latest reply on Mar 3, 2014 1:11 PM by Frank Langelage

    Secure SOAP-WebServices?

    Frank Langelage Master

      Currently my ear-application provides web-services unsecured, only used for internal purposes by our web-application.

      Now we have the requirement, that other's want to use certain web-services which therefore should be secured.

      Where is a good explanation how to this using WildFly?


      I started adding security-constraint, security-role and login-config to the web.xml of the web-services module like I already did for the web-application.

      <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"

























      Accessing the web-service ends up in HTTP 401 Unauthorized which shows that security is working.

      Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://os-sol10:8080/mbi-ws/mbi2e-gp3/sales/SalesOrderFindWS?wsdl                                                                                                                 


      But this happens already in the constructor of the web-service client. How can I add credentials or make the lookup of the wsdl insecure?

      For access the use of a binding provider is the right way like shown below?


      public class SalesOrderFindService extends Service



      public SalesOrderFindWSI getSalesOrderFindWSPort()
          SalesOrderFindWSI wsi = this.getPort( new QName( "http://sales.ws.fn.mbisoftware.biz/", "SalesOrderFindWSPort" ), SalesOrderFindWSI.class );
          BindingProvider bindingProvider = (BindingProvider)wsi;
          bindingProvider.getRequestContext().put( BindingProvider.USERNAME_PROPERTY, "..." );
          bindingProvider.getRequestContext().put( BindingProvider.PASSWORD_PROPERTY, "......" );
          return wsi;




      @SOAPBinding(style = SOAPBinding.Style.RPC)

      public interface SalesOrderFindWSI




      @WebService(endpointInterface = "biz.mbisoftware.fn.ws.sales.SalesOrderWSI", serviceName = "SalesOrderWS")

      public class SalesOrderWS implements SalesOrderWSI