geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan <xhh...@gmail.com>
Subject Re: Secure WebService with BASIC Authentication
Date Fri, 27 Aug 2010 07:11:04 GMT
There is a test case for ejb security web service sample, please refer to
https://svn.apache.org/repos/asf/geronimo/server/branches/2.2/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec

2010/8/26 Faw <fawzib.rojas@gmail.com>

>
> I want to secure my SOAP webservice with basic authentication. I searched
> in
> the knowledgebase and found this:
>
>
> https://cwiki.apache.org/GMOxKB/how-do-i-enable-security-for-ejb-web-service.html
>
> So I tried and added that to my configuration, this is part my
> openejb-jar.xml
>
> <ejb:enterprise-beans>
>  <ejb:session>
>    <ejb:ejb-name>loggers-rpc</ejb:ejb-name>
>    <ejb:web-service-security>
>      <ejb:security-realm-name>geronimo-admin</ejb:security-realm-name>
>      <ejb:transport-guarantee>NONE</ejb:transport-guarantee>
>      <ejb:auth-method>BASIC</ejb:auth-method>
>      <ejb:http-method>POST</ejb:http-method>
>      <ejb:http-method>PUT</ejb:http-method>
>    </ejb:web-service-security>
>  </ejb:session>
> </ejb:enterprise-beans>
>
> It gave me an error "Ejb app has method permissions but no security
> configuration supplied in geronimo plan", so after searching around for a
> while i found an answer (this should be mentioned and explained in that
> same
> wiki page), so i added the following to openejb-jar.xml:
>
> <sec:security>
>  <sec:role-mappings>
>    <sec:role role-name="admin">
>      <sec:principal name="admin"
>
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>    </sec:role>
>  </sec:role-mappings>
> </sec:security>
>
> and added the following to my service:
>
> @Stateless
> @RolesAllowed("admin")
> public class RegisterBean extends BaseService implements Register {
> ....
> }
>
> The service deploys well, when I try to call it (using the soapui generic
> client) it with no user/password it fails (as it should), but when I use
> username/password it also fails. I don't know what Im missing. Can anyone
> give me any ideas?
> --
> View this message in context:
> http://apache-geronimo.328035.n3.nabble.com/Secure-WebService-with-BASIC-Authentication-tp1354513p1354513.html
> Sent from the Users mailing list archive at Nabble.com.
>



-- 
Ivan

Mime
View raw message