This week's book giveaway is in the Performance forum. We're giving away four copies of The Java Performance Companion and have Charlie Hunt, Monica Beckwith, Poonam Parhar, & Bengt Rutisson on-line! See this thread for details.
Trying to access web service protected with JAAS role-based security
Mark E Hansen
posted 6 years ago
I have a web service implemented as a stateless EJB3.0, using Eclipse IDE, Java 1.6.0 and deploying to JBoss AS 5.1.0.GA.
I have been successful in configuring JBoss for JAAS security for the rest of the J2EE application, including adding a @RolesAllowed(...) annotation to my EJB methods, and this does indeed work.
I've added such an annotation now to my web service method, and am unable to invoke the method using the SoapUI test client, even though I've provided my user name and password in the properties of the request (this is the data item created in SoapUI, which it uses to generate the actual soap message request).
Note that if I remove the @RolesAllowed(...) annotation from the web service method, I'm able to call it just fine using SoapUI. When I add the @RolesAllowed(...) annotation back in and attempt to call it from SoapUI, I get the following error in the JBoss AS log file: