Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-106

Cached authentication credentials not used

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • jboss-ws4ee-4.0.2
    • jboss-ws4ee-4.0.1
    • ws-security
    • None

      Caching of authentication credentials does not appear to be occuring when invoking web services and using BASIC authentication. With the following configuration, and a sample cofiguration of DatabaseServerLoginModule, upon every invocation of the web service, the username and password are validated by a call to the database.

      This is in contrast to BASIC authentication performed to secure a jsp page, which only queries the database intitially and summarially uses the cached value until expiration.

      jboss.xml:
      <jboss>
      <security-domain>java:/jaas/TestRealm</security-domain>
      <enterprise-beans>
      <session>
      <ejb-name>TestSessionEJB</ejb-name>
      <local-jndi-name>test/TestSession</local-jndi-name>
      <port-component>
      <port-component-name>TestSessionEndPointPort</port-component-name>
      <auth-method>BASIC</auth-method>
      </port-component>
      </session>
      </enterprise-beans>
      </jboss>

      ejb-jar.xml:
      <ejb-jar>
      <enterprise-beans>
      <session>
      <ejb-name>TestSessionEJB</ejb-name>
      <local-home>com.xpel.test.LocalTestSessionHome</local-home>
      <local>com.xpel.test.LocalTestSession</local>
      <ejb-class>com.xpel.test.TestSessionBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <service-endpoint>com.xpel.test.TestSessionEndPoint</service-endpoint>
      </session>
      </enterprise-beans>
      <assembly-descriptor>
      <security-role>
      <role-name>csr</role-name>
      </security-role>
      <method-permission>
      <role-name>csr</role-name>
      <method>
      <ejb-name>TestSessionEJB</ejb-name>
      <method-name>create</method-name>
      </method>
      </method-permission>
      <method-permission>
      <role-name>csr</role-name>
      <method>
      <ejb-name>TestSessionEJB</ejb-name>
      <method-name>foo</method-name>
      </method>
      </method-permission>
      </assembly-descriptor>
      </ejb-jar>

              starksm64 Scott Stark (Inactive)
              paper57 Ryan Pape (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: