You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Jean-Louis MONTEIRO (JIRA)" <ji...@apache.org> on 2009/04/22 16:28:48 UTC

[jira] Updated: (OPENEJB-1004) Web service endpoints not secured

     [ https://issues.apache.org/jira/browse/OPENEJB-1004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Louis MONTEIRO updated OPENEJB-1004:
-----------------------------------------

    Attachment: patch-openejb-1004.txt

WS-Security integration proposal

> Web service endpoints not secured
> ---------------------------------
>
>                 Key: OPENEJB-1004
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-1004
>             Project: OpenEJB
>          Issue Type: Improvement
>          Components: webservices
>    Affects Versions: 3.1
>            Reporter: Jonathan Gallimore
>            Assignee: Jonathan Gallimore
>         Attachments: patch-openejb-1004.txt
>
>
> It does not appear to be possible to secure webservice endpoints at the moment, therefore EJB session beans exposed as webservices will not work if they use the @RolesAllowed annotation.
> It would be nice to pass the values specified in the <web-service-security> tag in openejb-jar.xml were passed through to Tomcat/OpenEJB HTTP container, and to potentially support WS-Security schemes as well.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.