|Home > Index > FAQ > Web Services questions > How do I enable security for EJB Web Service?|
To enable security for EJB Web Service add the
web-service-security element to the
openejb-jar.xml deployment descriptor file.
transport-guarantee sub-element to configure required transport security. Set it to one of the following:
auth-method sub-element to configure required authentication method. Set it to one of the following:
Starting with Geronimo 2.2 you can also specify a list of HTTP methods that the security configuration applies to. Use
http-method elements to specify a list of HTTP methods that should be secured. For example:
By default, if there are no
http-method elements specified in the deployment descriptor the security configuration applies to all HTTP methods.
In some cases it might be necessary to secure all invocations to the service but allow unsecure WSDL access. You can achieve that by listing all but the GET method in the