Details
-
Task
-
Resolution: Done
-
Optional
-
jbossws-native-3.0.5, jbossws-cxf-5.0.0.Beta1
-
None
-
Compatibility/Configuration
Description
An EJB3 endpoint defined with annotation @WebContext(authMethod="BASIC") results in JBossWS generating web.xml metadata equivalent to:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>EJBServiceEndpointServlet Realm</realm-name>
</login-config>
On one hand this is perfectly acceptable as the realm-name is just a vanity configuration parameter. However there are scenarios where it would be desirable to allow the application to override the default value: we migrated from another web services stack to JBossWS (was JAXWS-RI), some clients of our web services had explicitly configured their HTTP authentication on their end to match on realm name (one instance was Perl SOAP::Lite), quite the same way a web browser stores HTTP authentication along with the realm name such if the realm name changes, the authentication is invalidated - but since these are machines talking to each other rather than a web browser, it becomes a nightmare to debug why a client began receiving 401 errors after our upgrade.
It would be nice if the org.jboss.wsf.spi.annotation.WebContext annotation had a realmName parameter.
I attempted to work on a patch, however I'm confused by how many copies of WebAppGeneratorDeploymentAspect.java there seem to be under the jbossws/container and jbossws/framework subversion trees.
Attachments
Issue Links
- relates to
-
WFLY-3251 @WebContext overrides realm in web.xml
- Closed