Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-3485

JBoss AS 7 requires authentication for unsecured @WebMethod

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • None
    • None
    • Hide

      1. Create 2 users in the standalone domain as shown in the description section.
      2. Start the JBoss AS 7 server.
      3. Extract the project attached with the forum reference and run the tests.

      Show
      1. Create 2 users in the standalone domain as shown in the description section. 2. Start the JBoss AS 7 server. 3. Extract the project attached with the forum reference and run the tests.

          • Not sure about component or affect versions, please excuse ***

      Have a simple EJB3 Endpoint with 3 methods, one unannotated, another annotated @PermitAll and the other one annotated @RolesAllowed. Using security domain "other" with 2 users, details shown below. JBoss returns 401 when the unannotated/unsecured method is invoked without proper authorization. It shouldn't care about authentication or authorization for the unannotated/unsecured method.
      Attached with the forum post is a project that demonstrates the problem. The post started of on an incorrect understanding but ends with the correct one so please read it fully before commenting.

      1. application-users.properties #
      2. is for illustration only and does not correspond to a usable password.
        #
        #admin=2a0923285184943425d1f53ddd58ec7a
        user=8544a03c79aee5b1c99458d83ee0f9e0
        guest=1bb6b7c18b5c1dab17f5141fa398905a
      1. application-roles.properties #
        #
        #admin=PowerUser,BillingAdmin,
        #guest=guest
        user=AppUser
        guest=AppGuest

              Unassigned Unassigned
              Abhi0123 Abhijit Sarkar (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: