Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
EAP_EWP 5.1.2
-
JBoss Enterprise Application Platform 5.1.2, both WS-native and WS-CXF affected
-
-
Documentation (Ref Guide, User Guide, etc.)
-
Workaround Exists
-
-
This behaviour is by design.
-
NEW
Description
The customer needs to use "strict" mode on Realm in server.xml. By documentation it requires web.xml, however when using EJB Web Services there is no web.xml. Where does it pick authorization configuration from? ejb-jar.xml clearly not but I'm trying to figure out whether it's bug or feature. Please note that using annotations like @RolesRequired and @SecurityDomain is not considered here.
I'm attaching example project web-service-test-app2.ear and jboss_config.zip.
I have also example project when using POJO WS with web.xml. Then authorization works fine even with "strict" mode. Please request if interested.