What is the better approach to implement method level authorization in JBossWS using POJO's ?

Solution Verified - Updated -

Issue

  • What is the easiest way to restrict access to certain webmethods within a webservice ?
  • Already had success in securing webservices as a whole by using the WS-Security Endpoint config. Also successfully use BASIC Auth defined in the web.xml.

  • Both ways work for and have them mapped to application-policies defined in the login-config.xml file. Now just need the extra granularity to be able to map roles to individual web mothods.

  • Is this possible with a annotated POJO webservice or would we need to switch to an EJB based WS?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.x
  • JBossWS-Native

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content