Securing SOAP webservice, wildfly, authentication error

Question

I've got a jax-ws webservice which I need to secure. When I start wildfly everything seems to load nicely, but when I try to send a request via SOAPUI tool, the server returns Error with body element - unauthorized. Relevant parts of code below.

Webservice itself:

@WebService
@Stateless
@RolesAllowed("testrole")
@SecurityDomain("test-domain")
public class Test {

    @WebMethod
    @WebResult(name = "HelloResponse")
    public String sayHello(@WebParam(name = "username") String name) {
        return "Hello " + name;
    }
}

standalone.xml:

<security-domain name="test-domain" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UserRolesLoginModule"
            flag="required">

            <module-option name="userProperties" value="test-domain-users.properties" relative-to="jboss.server.config.dir"/>
            <module-option name="rolesProperties" value="test-domain-roles.properties" relative-to="jboss.server.config.dir"/>
        </login-module>
    </authentication>
</security-domain>

jboss-web.xml:

<jboss-web>
    <security-domain>test-domain</security-domain>
</jboss-web>

test-domain-users.properties and test-domain-roles.properties look like this: testuser=testpassword, testuser=testrole

The response is Error Unauthorized my wild guess is that I have those properties files in a wrong directory, does anyone know where should I put them? — mcjkwlczk, Apr 26 '15 at 14:15
Adding to what @JohnAment asks, how are you passing the credentials for `testuser` from SoapUI? Post the SOAP request and any associated configuration for authentication. I suspect if you are not passing credentials at all (or not in the way wildfly expects) you will get an unauthorized response. — Scott Heaberlin, Apr 26 '15 at 18:45

Securing SOAP webservice, wildfly, authentication error

0 Answers0