Using the documentation's ejb-security-plus example, I deployed TestLoginModule, with debug code printed in executed phase.
When calling the SecuredEJB Method from the RemoteClient, the below TestLoginModule Code gets executed correctly.
However !!! when calling a @Webservice from a SOAPUI , this login module does not get executed. ! ?
STANDALONE.XML
==================
<security-domain name="jbossws" cache-type="default">
<authentication>
<login-module name="DelegationLoginModule" code="org.jboss.as.quickstarts.ejb_security_plus.TestLoginModule" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
JBossWeb.XML
===========================
<!DOCTYPE jboss-web>
<jboss-web>
<context-root>myapp</context-root>
<security-domain>jbossws</security-domain>
<!-- security-domain>other</security-domain -->
</jboss-web>
EJB
==========================
@Stateless
@Remote(RemoteInt.class)
@RolesAllowed({ "guest" })
@WebService
public class SecuredEJB
WEB.xml
=============================
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>RealmUsersRoles</realm-name>
</login-config>
</web-app>
Does anybody know why the custom login module does not get executed when called from SOAPUI . (When calling as a webservice) ?