I want my service to require user authentication by using this deploy.wsdd <deployment xmlns="http://xml.apache.org/axis/wsdd/"; xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<service name="HelloService" provider="java:RPC"> <parameter name="className" value="my.stuff.HelloServiceServlet"/> <parameter name="allowedMethods" value="*"/> <parameter name="allowedRoles" value="role1"/> </service> <requestFlow name="checks"> <handler type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/> <handler type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/> </requestFlow> </deployment> I expected my (JAXRPC, dynamic proxy) web service client to fail when invoking a service method - with something like "authentication required". But the client still works fine, the web service method gets called and returns it's result. Hmm, is there anything more to setup to get authentication to be used/required? I could use the <security-constraint> stuff in web.xml, but for what is this "allowedRoles" parameter then? (I'm using Axis 1.2RC1) BTW: I got the impression that in Axis you can set with allowedRoles users, not roles. Is this true? Thank you! Merten
