0 Replies Latest reply on May 6, 2015 4:55 AM by Sergiu Pienar

    WebServices returning 403 Forbidden

    Sergiu Pienar Apprentice

      I have a web-service that is derived from a SLSB.

      The class has the following annotations:

       

      @Stateless

      @TransactionAttribute(TransactionAttributeType.REQUIRED)

      @Local({ ConfigLocal.class })

      @Remote({ ConfigRemote.class })

      @WebService(name = "ConfigService", serviceName = "ConfigService")

      @WebContext(contextRoot = "/service", urlPattern = "/ConfigService", secureWSDLAccess = false, authMethod = "BASIC", transportGuarantee = "NONE")

      @SecurityDomain(value = "myRealm")

       

       

      In it there is a single method annotated like this:

       

        @EjbInterface(type = EjbInterface.Type.BOTH)

        @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)

        @RolesAllowed({ "VI_INTERNAL_SYSTEM" })

        public String getVersion() {

             return Config.getInstance().getSixDVersion();

        }

       

      The web-service subsystem is defined as such:

       

           <subsystem xmlns="urn:jboss:domain:webservices:1.2">

                  <modify-wsdl-address>true</modify-wsdl-address>

                  <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>

                  <endpoint-config name="Standard-Endpoint-Config"/>

                  <endpoint-config name="Recording-Endpoint-Config">

                      <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">

                          <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>

                      </pre-handler-chain>

                  </endpoint-config>

              </subsystem>

       

      and the realm "myRealm" is defined:

       

      <security-domain name="myRealm" cache-type="default">

        <authentication>

        <login-module code="com.myBiz.login.LoginModule" flag="required">

        <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>

        <module-option name="hashAlgorithm" value="SHA"/>

        <module-option name="hashEncoding" value="BASE64"/>

        <module-option name="principalsQuery" value="SELECT ...."/>

        <module-option name="rolesQuery" value="SELECT ...."/>

        <module-option name="unauthenticatedIdentity" value="guest"/>

        </login-module>

        <login-module code="Remoting" flag="optional">

        <module-option name="password-stacking" value="useFirstPass"/>

        </login-module>

        </authentication>

      </security-domain>

       

      The problem I'm facing is that every time I try to consume this web-service I'm getting a 403 Forbidden response.

       

      Any ideas on what I'm doing wrong ?