axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Merten Schumann" <Merten.Schum...@asg.com>
Subject parameter "alllowedRoles" in deploy.wsdd has no effect, service can be used without authentication?!?
Date Wed, 06 Oct 2004 16:51:59 GMT
I want my service to require user authentication by using this
deploy.wsdd

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
   xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

 <service name="HelloService" provider="java:RPC">
  <parameter name="className" value="my.stuff.HelloServiceServlet"/>
  <parameter name="allowedMethods" value="*"/>
  <parameter name="allowedRoles" value="role1"/>  
 </service>

 <requestFlow name="checks">
  <handler
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
  <handler
type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
 </requestFlow>

</deployment>

I expected my (JAXRPC, dynamic proxy) web service client to fail when
invoking a service method - with something like "authentication
required". But the client still works fine, the web service method gets
called and returns it's result. Hmm, is there anything more to setup to
get authentication to be used/required? I could use the
<security-constraint> stuff in web.xml, but for what is this
"allowedRoles" parameter then? (I'm using Axis 1.2RC1)

BTW: I got the impression that in Axis you can set with allowedRoles
users, not roles. Is this true?

Thank you!
   Merten

Mime
View raw message