
Adding Security Elements

The @RolesAllowed annotation specifies that only users in the role of basicUser will be allowed
to access the sayHello(String name) method. Because an @RolesAllowed annotation implicitly
declares a role that will be referenced in the application, no @DeclareRoles annotation is
required.

Adding Security Elements to the Deployment Descriptor

To enable basic authentication for the service, add security elements to the application
deployment descriptor, web.xml. The security elements that need to be added to the
deployment descriptor include the <security-constraint> and <login-config> elements.
These security elements are discussed in more detail in "Declaring Security Requirements in a
Deployment Descriptor" on page 851 and in the Java Servlet Specification. Code in bold is
added to the original deployment descriptor to enable HTTP basic authentication. The
resulting deployment descriptor is located in
tut-install/javaeetutorial5/examples/jaxws/helloservice-basicauth/web/WEB-INF/web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<web-app
    xmlns="http://java.sun.com/xml/ns/javaee" version="2.5"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>HelloService</display-name>
    <listener>
        <listener-class>
            com.sun.xml.ws.transport.http.servlet.WSServletContextListener
        </listener-class>
    </listener>
    <servlet>
        <display-name>HelloService</display-name>
        <servlet-name>HelloService</servlet-name>
        <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>HelloService</servlet-name>
        <url-pattern>/hello</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <!-- Security constraint on the same URL pattern the service is mapped to -->
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>WRCollection</web-resource-name>
            <url-pattern>/hello</url-pattern>
        </web-resource-collection>
        <auth-constraint>
Examples: Securing Web Applications
The Java EE 5 Tutorial · September 2007
888
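
Added example, not part of the tutorial: a Python check that every servlet mapping in a web.xml is covered by a <security-constraint> carrying an <auth-constraint>, and that <login-config> declares an auth method. The sample descriptor, the /status mapping and the function names are constructed for illustration; URL pattern matching is simplified to exact, prefix and extension patterns.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}
# Constructed sample (not the tutorial's file): /hello is protected as on the
# page; /status is a hypothetical second mapping that no constraint covers.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet-mapping><servlet-name>HelloService</servlet-name>
    <url-pattern>/hello</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>StatusService</servlet-name>
    <url-pattern>/status</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>WRCollection</web-resource-name>
      <url-pattern>/hello</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>basicUser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def covers(pattern, path):
    """True if a constraint url-pattern covers a mapped path (exact, /x/*, *.ext)."""
    if pattern == path or pattern == "/*":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False

def audit(web_xml):
    """List servlet mappings left unauthenticated and a missing auth-method."""
    root = ET.fromstring(web_xml)
    # Only constraints that carry an <auth-constraint> demand authentication.
    protected = [p.text.strip()
                 for c in root.findall("j:security-constraint", NS)
                 if c.find("j:auth-constraint", NS) is not None
                 for p in c.findall("j:web-resource-collection/j:url-pattern", NS)]
    mapped = [m.text.strip() for m in root.findall("j:servlet-mapping/j:url-pattern", NS)]
    findings = [f"no auth-constraint covers {path}" for path in mapped
                if not any(covers(p, path) for p in protected)]
    method = root.findtext("j:login-config/j:auth-method", "", NS).strip()
    if not method:
        findings.append("no login-config auth-method declared")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

An empty result means each mapped pattern is behind an authentication requirement; it does not verify that the named role is mapped to any user or group on the server.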