The first thing you will need to do is define the security domain in the jboss-web.xml file (the one in the jboss-net.war)
then if you are using xDoclet, you will need to add a tag to your session bean
@jboss-net.authentication domain="WhichEverDomainYouHaveDefined"
if you are not using xDoclet you will have to add to your web-service.xml (in the requestFlow portion of the service definition) the JBossAuthenticationHandler. It looks something like this:
<requestFlow name="AuthenticationRequest">
<handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
<parameter name="securityDomain" value="java:/jaas/WhichEverDomainYouHaveDefined"/>
<parameter name="validateUnauthenticatedCalls" value=""/>
</handler>
</requestFlow>
This is definitely not too cutting edge, as I (and others) have had it working in production for over a year now.
you might also want to read this primer:
http://www.nsdev.org/jboss/stories/jboss-net.html
hope this helps
-jason
On Oct 31, 2003, at 9:25 AM, Bates, Alex wrote:
I am having a strange problem trying to expose secured EJBs as web services
in JbossNet (using Jboss 3.2.1). Everything deploys fine. But when I call
one of the web service methods, I get this exception (intermittently):
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null
Is anyone else on the planet trying to expose secured EJBs as web services?
(or EJBs that must use secured EJBs)? Or is this too cutting edge?
*I thought the JSR Web Services for J2EE said it was excluding security, so
don't know why JBossNet is trying to enforce security in the web service
layer (no way for web service client to establish security context!)
-Alex
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
