Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: EAP_EWP 5.1.2
Component/s: Web Services
Labels:
- jboss
Environment:

JBoss Enterprise Application Platform 5.1.2, both WS-native and WS-CXF affected

Steps to Reproduce:

Hide

1. Deploy attached demo application
2. Use e.g. soap-ui to test the web service
3. Get 40x(401 I think) page

Show
1. Deploy attached demo application 2. Use e.g. soap-ui to test the web service 3. Get 40x(401 I think) page
Affects:

Documentation (Ref Guide, User Guide, etc.)
Workaround:

Workaround Exists
Workaround Description:

Hide

use "authOnly" mode on Realm in server.xml

Show
use "authOnly" mode on Realm in server.xml
Release Note Text:
This behaviour is by design.
Docs QE Status:
NEW

Description

The customer needs to use "strict" mode on Realm in server.xml. By documentation it requires web.xml, however when using EJB Web Services there is no web.xml. Where does it pick authorization configuration from? ejb-jar.xml clearly not but I'm trying to figure out whether it's bug or feature. Please note that using annotations like @RolesRequired and @SecurityDomain is not considered here.

I'm attaching example project web-service-test-app2.ear and jboss_config.zip.

I have also example project when using POJO WS with web.xml. Then authorization works fine even with "strict" mode. Please request if interested.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

jboss_config.zip
3 kB
2012/05/02 6:29 AM
web-service-test-app.ear2
5 kB
2012/05/02 6:29 AM

Activity

People

Assignee:: Richard Opalka

Reporter:: Adam Kovari (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2012/05/02 6:28 AM

Updated:: 2012/05/03 4:37 AM

Resolved:: 2012/05/02 8:57 AM