Hi there. I'm getting involved with the web services security
>From the wiki I use a simple security configuration example, and deployed my >web service. Just to be sure that it works, I ran a client with no security configuration, expecting to get an exception, but surprisingly this didn't happen, the client works just fine. After some comparations between examples and my code I realized that I was missing the jboss-web.xml on my secured web service whit the next config: | <jboss-web> | | <webservice-description> | <webservice-description-name>ProfileService</webservice-description-name> | <config-name>Standard Secure Endpoint</config-name> | </webservice-description> | | </jboss-web> | I just added this file to my war file and it works as I expected, when I ran my client I got an java.rmi.RemoteException saying : "Call invocation failed with code [InvalidSecurity]..." So this seems normal since my client doesn't have the security configuration. The question is, why I need the jboss-web.xml in order to make the security works? The web-service-description and config-name doesn't seem to be related to anything in my deployment file, in fact, the names that I put have nothing to do with my components or other config files. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3948243#3948243 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3948243 ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
