Skip to end of metadata
Go to start of metadata

This page explains the simplest way to authenticate a web service user with JBossWS.

First we secure the access to the SLSB as we would do for normal (non web service) invocations: this can be easily done through the @RolesAllowed, @PermitAll, @DenyAll annotation. The allowed user roles can be set with these annotations both on the bean class and on any of its business methods.

Similarly POJO endpoints are secured the same way as we do for normal web applications in web.xml:

Specify the security domain

Next, specify the security domain for this deployment. This is performed using the @SecurityDomain annotation for EJB3 endpoints

or modifying the jboss-web.xml for POJO endpoints

The security domain as well as its the authentication and authorization mechanisms are defined differently depending on the application server version in use.

Use BindingProvider to set principal/credential

A web service client may use the javax.xml.ws.BindingProvider interface to set the username/password combination

Using HTTP Basic Auth for security

To enable HTTP Basic authentication you use the @WebContext annotation on the bean class

For POJO endpoints, we modify the web.xml adding the auth-method element:

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.