[ https://issues.apache.org/jira/browse/GERONIMO-4015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jarek Gawor updated GERONIMO-4015:
----------------------------------

    Component/s: webservices
       Assignee: Jarek Gawor

> Protecting EJB based Web services but excluding wsdl from the protection
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4015
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4015
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: OpenEJB, webservices
>            Reporter: Rafael Thomas Goz Coutinho
>            Assignee: Jarek Gawor
>            Priority: Minor
>
> When we protect a Web service using HTTP Basic authentication, we protect all
> access to that Web service endpoint URL, even to the generated WSDL.
> When exposing POJO-based Web services using a Web project, the usual
> workaround is to set the http-method to only protect POST requests. So the GET to
> the WSDL will not be protected.
> However, when exposing an EJB-based Web service we cannot configure that, so
> the WSDL is always protected for POST or GET requests.
> It would be nice if we could change that...
> Here is an example of the EJB WS security deployment plan:
> <ejb:enterprise-beans>
>     <ejb:session>
>         <ejb:ejb-name>Test</ejb:ejb-name>
>         <ejb:web-service-security>
>             <ejb:security-realm-name>
>                 WSTest
>             </ejb:security-realm-name>
>             <ejb:transport-guarantee>NONE</ejb:transport-guarantee>
>             <ejb:auth-method>BASIC</ejb:auth-method>
>         </ejb:web-service-security>
>     </ejb:session>
> </ejb:enterprise-beans>
> No place for defining the HTTP method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
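
An added example, not part of the original issue or of Geronimo's code: a small Python check that reads a web.xml using the POST-only workaround the issue describes for POJO services and reports which HTTP methods the constraint leaves unauthenticated. Listing an http-method exempts every method that is not listed, not only the GET used for the WSDL. The sample descriptor, the /TestService URL pattern and the ws-user role are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a web.xml using the POST-only workaround described
# in the issue. The URL pattern and role name are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Test service</web-resource-name>
      <url-pattern>/TestService</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>ws-user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>WSTest</realm-name>
  </login-config>
</web-app>"""

ALL_METHODS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"})


def local(tag):
    """Strip the XML namespace so the check works for any web.xml version."""
    return tag.rsplit("}", 1)[-1]


def audit_constraints(web_xml):
    """Return {url_pattern: (authenticated_methods, unauthenticated_methods)}."""
    report = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        if not any(local(e.tag) == "auth-constraint" for e in sc):
            continue  # constraint carries no authentication requirement
        for wrc in sc:
            if local(wrc.tag) != "web-resource-collection":
                continue
            listed = {e.text.strip().upper() for e in wrc if local(e.tag) == "http-method"}
            # With no <http-method> element the constraint covers every method.
            protected = listed or set(ALL_METHODS)
            for e in wrc:
                if local(e.tag) == "url-pattern":
                    covered = report.get(e.text.strip(), set()) | protected
                    report[e.text.strip()] = covered
    return {p: (m, set(ALL_METHODS) - m) for p, m in report.items()}
```

For the sample, `audit_constraints(SAMPLE_WEB_XML)["/TestService"]` shows POST as the only authenticated method, so PUT, DELETE and the others are reachable without credentials alongside the WSDL GET.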
