I've created a web service, and added basic authentication according to the user-guide chapter 13 (http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html), but it results in basic auth being activated for both GET and POST. I want access to the wsdl to be public.
The web service is defined using webservices.xml, jboss.xml, and ejb-jar.xml, and is contained in a jar file. I notice in the web.xml file generated by jboss on deploy, that both GET and POST is specified in the security-constraint. Any ideas on how I can make access to the wsdl (GET requests) public, and only the ws-methods (POST requests) authenticated? /Per webservices.xml: | <webservice-description> | <webservice-description-name>MyService</webservice-description-name> | <wsdl-file>META-INF/wsdl/MyService.wsdl</wsdl-file> | <jaxrpc-mapping-file>META-INF/MyService-mapping.xml</jaxrpc-mapping-file> | <port-component> | <port-component-name>MyService</port-component-name> | <wsdl-port>MyServicePort</wsdl-port> | <service-endpoint-interface>com.test.ws.MyServiceEndpoint</service-endpoint-interface> | <service-impl-bean> | <ejb-link>MyServiceBean</ejb-link> | <servlet-link></servlet-link> | </service-impl-bean> | </port-component> | </webservice-description> | jboss.xml: | <jboss> | <security-domain>java:/jaas/my-security-domain</security-domain> | <enterprise-beans> | <session> | <ejb-name>MyServiceBean</ejb-name> | <port-component> | <port-component-name>MyService</port-component-name> | <port-component-uri>/ws/MyService</port-component-uri> | <auth-method>BASIC</auth-method> | </port-component> | </session> | </enterprise-beans> | </jboss> | ejb-jar.xml: | <enterprise-beans> | <session> | <ejb-name>MyServiceBean</ejb-name> | <service-endpoint>com.test.ws.MyServiceEndpoint</service-endpoint> | <ejb-class>com.test.ws.MyServiceSLSB</ejb-class> | <session-type>Stateless</session-type> | <transaction-type>Container</transaction-type> | <security-role-ref> | <role-name>@ROLE_EXPORT@</role-name> | </security-role-ref> | <security-role-ref> | <role-name>@ROLE_IMPORT@</role-name> | </security-role-ref> | </session> | </enterprise-beans> | | <assembly-descriptor> | <security-role> | <role-name>@ROLE_IMPORT@</role-name> | </security-role> | <security-role> | <role-name>@ROLE_EXPORT@</role-name> | </security-role> | <method-permission> | <role-name>@ROLE_IMPORT@</role-name> | <method> | <ejb-name>MyServiceBean</ejb-name> | <method-name>submit</method-name> | </method> | </method-permission> | <method-permission> | <role-name>@ROLE_EXPORT@</role-name> | <method> | <ejb-name>MyServiceBean</ejb-name> | <method-name>fetch</method-name> | </method> | </method-permission> | </assembly-descriptor> | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981275#3981275 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3981275 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
