How do I enable security for EJB Web Service?

To enable security for an EJB Web Service, add the web-service-security element to the openejb-jar.xml deployment descriptor file.

Use the transport-guarantee sub-element to configure the required transport security. Set it to one of the following:

  • NONE - allow http or https access to the service
  • INTEGRAL - require https (with or without encryption)
  • CONFIDENTIAL - require https (with encryption)

Use the auth-method sub-element to configure the required authentication method. Set it to one of the following:

  • NONE - no authentication required
  • BASIC - require BASIC authentication
  • DIGEST - require DIGEST authentication
  • CLIENT-CERT - require authentication based on the client's certificate

Example:

<ejb:enterprise-beans>
    ...
    <ejb:session>
        <ejb:ejb-name>Test</ejb:ejb-name>
        <ejb:web-service-security>
            <ejb:security-realm-name>geronimo-admin</ejb:security-realm-name>
            <ejb:transport-guarantee>NONE</ejb:transport-guarantee>
            <ejb:auth-method>BASIC</ejb:auth-method>
        </ejb:web-service-security>
    </ejb:session>
    ...
</ejb:enterprise-beans>

Starting with Geronimo 2.2, you can also restrict the security configuration to specific HTTP methods. Use http-method elements to list the HTTP methods that should be secured. For example:

<ejb:enterprise-beans>
    ...
    <ejb:session>
        <ejb:ejb-name>Test</ejb:ejb-name>
        <ejb:web-service-security>
            <ejb:security-realm-name>geronimo-admin</ejb:security-realm-name>
            <ejb:transport-guarantee>NONE</ejb:transport-guarantee>
            <ejb:auth-method>BASIC</ejb:auth-method>
            <ejb:http-method>POST</ejb:http-method>
            <ejb:http-method>PUT</ejb:http-method>
        </ejb:web-service-security>
    </ejb:session>
    ...
</ejb:enterprise-beans>

By default, if no http-method elements are specified in the deployment descriptor, the security configuration applies to all HTTP methods.

In some cases it might be necessary to secure all invocations of the service but allow unsecured WSDL access. You can achieve that by listing all but the GET method in the http-method elements.
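
The settings above interact: BASIC with a transport-guarantee of NONE lets credentials travel over plain http, and an http-method list leaves every unlisted method unsecured. The following check is an added example, not part of Geronimo or of the original page; the function names and the placeholder namespace URI in the constructed sample are assumptions. It reads a descriptor and reports both conditions per bean:

```python
import xml.etree.ElementTree as ET

# Constructed sample; the namespace URI is a placeholder, not Geronimo's real one.
SAMPLE = """\
<ejb:enterprise-beans xmlns:ejb="urn:example:placeholder">
  <ejb:session>
    <ejb:ejb-name>Test</ejb:ejb-name>
    <ejb:web-service-security>
      <ejb:security-realm-name>geronimo-admin</ejb:security-realm-name>
      <ejb:transport-guarantee>NONE</ejb:transport-guarantee>
      <ejb:auth-method>BASIC</ejb:auth-method>
      <ejb:http-method>POST</ejb:http-method>
      <ejb:http-method>PUT</ejb:http-method>
    </ejb:web-service-security>
  </ejb:session>
</ejb:enterprise-beans>
"""

def local(tag):
    """Drop the '{namespace}' prefix so matching works for any bound URI."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Upper-cased text of every direct child called `name`."""
    return [(c.text or "").strip().upper() for c in elem if local(c.tag) == name]

def audit(xml_text):
    """Return (ejb-name, finding) pairs for each web-service-security block."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        for sec in (c for c in bean if local(c.tag) == "web-service-security"):
            name = next(((c.text or "").strip() for c in bean
                         if local(c.tag) == "ejb-name"), "?")
            # Assumption: a missing element is treated like an explicit NONE.
            transport = (texts(sec, "transport-guarantee") or ["NONE"])[0]
            auth = (texts(sec, "auth-method") or ["NONE"])[0]
            methods = texts(sec, "http-method")
            if auth == "NONE":
                findings.append((name, "no authentication required"))
            elif auth == "BASIC" and transport == "NONE":
                # BASIC sends base64-encoded, unencrypted credentials.
                findings.append((name, "BASIC credentials accepted over plain http"))
            if methods:
                findings.append((name, "security applies only to: "
                                 + ", ".join(methods) + "; unlisted methods are unsecured"))
    return findings

if __name__ == "__main__":
    for ejb, finding in audit(SAMPLE):
        print(f"{ejb}: {finding}")
```
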