users@glassfish.java.net

Re: jdbc realm with web service security not working

From: <glassfish_at_javadesktop.org>
Date: Mon, 24 Mar 2008 22:29:02 PST

Hi,

  I looked at your WSDL and i see that you have configured WSS Authentication using Policy as well ...

-----------------
<ns3:SignedSupportingTokens xmlns:ns3="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<ns3:UsernameToken ns3:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<ns3:WssUsernameToken10></ns3:WssUsernameToken10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</ns3:UsernameToken>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</ns3:SignedSupportingTokens>
-----------------

This is the reason you are seeing the double authentication. How did you generate this WSDL (using NB is it ?). If so then do not select security under the "Edit WebServices Attributes" option in NB. Because what you are looking for is BASIC Auth and not SOAP Message Security. Infact there should be no WS-Policy in your WSDL for this usecase.

On your question about Stateful WebServices : only a Stateless EJB can be exposed as webservice. So for Stateful WebServices you would have to follow JAXWS documentation and develope the web-app. Note : @RolesAllowed does not work on Servlet WebServices yet.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=265611