mateo01 [http://community.jboss.org/people/mateo01] created the discussion

"JBoss AS 7 security problem"

To view the discussion, visit: http://community.jboss.org/message/637264#637264

--------------------------------------------------------------
Hi everyone!

I use JBoss AS 7 for my new application, which contains some EJB components 
connected with one main EJB marked as Webservice (JAX-WS). I am connecting to 
this service from a standalone test application and everything works fine. But I 
wanted to implement authentication and authorization, so the head of my 
web-service implementor class looks like this:

@Stateless
@SchemaValidation(enabled = true)
@WebService(wsdlLocation = "/META-INF/wsdl/invoiceservice.wsdl")

@SecurityDomain("jboss-domain")
@DeclareRoles({"moderator"})
@RolesAllowed({})
public class InvoiceServiceImpl implements Invoiceservice {

    @Override
    @TransactionAttribute(TransactionAttributeType.REQUIRED)
    @DenyAll
    public CreateDocumentRS createDocument(CreateDocumentRQ payload) throws BusinessException {
        // .....some code
    }
}

I have also configured security domain in standalone.xml - it looks like this:

<security-domain name="jboss-domain" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="ejb3users.properties"/>
            <module-option name="rolesProperties" value="ejb3roles.properties"/>
            <module-option name="unauthenticatedIdentity" value="nobody"/>
        </login-module>
    </authentication>
</security-domain>

The files ejb3users.properties and ejb3roles.properties are stored in the same 
directory as standalone.xml.

And now, when I'm trying to connect to the webservice with my standalone 
application (without setting username and password), everything works; every 
method which should be denied executes without any exception.

Could you guys advise me what I am doing wrong? Maybe there is something more 
that I should configure?

Thanks in advance for any thoughts!
--------------------------------------------------------------
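
A configuration check for the security domain quoted above, added here as an example and not part of the original post or of JBoss itself: it parses the XML and reports every login module that sets unauthenticatedIdentity, the option that assigns the named principal to callers who send no credentials instead of rejecting them. The function names and the embedded copy of the fragment are this example's own.

```python
import xml.etree.ElementTree as ET

# The security-domain fragment from the post, embedded so the check runs offline.
SECURITY_DOMAIN_XML = """
<security-domain name="jboss-domain" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="ejb3users.properties"/>
            <module-option name="rolesProperties" value="ejb3roles.properties"/>
            <module-option name="unauthenticatedIdentity" value="nobody"/>
        </login-module>
    </authentication>
</security-domain>
"""

def local(tag):
    """Strip an XML namespace so the check also works on a full standalone.xml."""
    return tag.rsplit("}", 1)[-1]

def audit_security_domains(xml_text):
    """Return one finding per login module that accepts credential-less callers."""
    findings = []
    root = ET.fromstring(xml_text)
    for domain in root.iter():  # iter() also yields the root element itself
        if local(domain.tag) != "security-domain":
            continue
        for module in domain.iter():
            if local(module.tag) != "login-module":
                continue
            options = {o.get("name"): o.get("value")
                       for o in module if local(o.tag) == "module-option"}
            if "unauthenticatedIdentity" in options:
                findings.append({
                    "domain": domain.get("name"),
                    "module": module.get("code"),
                    "flag": module.get("flag"),
                    "anonymous_principal": options["unauthenticatedIdentity"],
                })
    return findings

if __name__ == "__main__":
    for f in audit_security_domains(SECURITY_DOMAIN_XML):
        print("{domain}: {module} ({flag}) logs in callers without credentials "
              "as '{anonymous_principal}'".format(**f))
```

The check only reports the setting; whether an anonymous principal is acceptable depends on which roles that principal is mapped to.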

_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
