This week's book giveaway is in the Android forum.
We're giving away four copies of Head First Android and have Dawn & David Griffiths on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes Problem securing a web service Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Problem securing a web service" Watch "Problem securing a web service" New topic

Problem securing a web service

Tim Storms
Ranch Hand

Joined: Apr 27, 2006
Posts: 64
I'm trying to secure a web service which is an EJB. I'm trying to accomplish this by adding the following jboss.xml in the META-INF folder.

As you can see, this EJB is the only EJB that should be "behind" a security domain. I tried doing this with the SecurityDomain annotation on my EJB, but it gave me a nullpointer in my Seam application on deployment.

Now, this web service is indeed protected by this security domain. So far, so good. But now it seams that the rest of my application is also trying to pass this security domain. What am I forgetting here, or what am I doing wrong?

Btw, my EJB is annotated with the following annotations:

SCJP 1.5, SCWCD 1.4, SCBCD 5
Ankit Garg

Joined: Aug 03, 2008
Posts: 9374

Use a webservice-endpoint tag inside your session tag like this

SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Tim Storms
Ranch Hand

Joined: Apr 27, 2006
Posts: 64
Thanks for your reply, but can you elaborate on this? Isn't this XML configuration already taken care of in my annotations? Also I don't need to configure a realm, but a security domain.

Thanks for the info!
I agree. Here's the link:
subject: Problem securing a web service
It's not a secret anymore!