Basic HTTP authentication for WSDL (using JAAS LoginModule)
timstorms Aug 17, 2009 9:41 AM
Hi,
I'm trying to use basic HTTP authentication for my WSDL. The user credentials should be validated by a (JAAS) LoginModule for Atlassian Crowd. Somehow the deployment of my EAR file fails. The following stacktrace shows up in my logs:
java.lang.NullPointerException
    at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorFactory.createPerClass(RoleBasedAuthorizationInterceptorFactory.java:49)
    at org.jboss.aop.advice.AspectFactoryDelegator.createPerClass(AspectFactoryDelegator.java:107)
    at org.jboss.aop.Advisor.addPerClassAspect(Advisor.java:569)
    at org.jboss.aop.advice.ScopedInterceptorFactory.create(ScopedInterceptorFactory.java:72)
    at org.jboss.aop.Advisor.createInterceptorChain(Advisor.java:618)
    at org.jboss.aop.Advisor.pointcutResolved(Advisor.java:888)
    at org.jboss.aop.Advisor.resolveMethodPointcut(Advisor.java:650)
    at org.jboss.aop.ClassContainer.createInterceptorChains(ClassContainer.java:248)
    at org.jboss.aop.ClassContainer.rebuildInterceptors(ClassContainer.java:115)
    at org.jboss.aop.ClassContainer.initializeClassContainer(ClassContainer.java:58)
    at org.jboss.ejb3.EJBContainer.processMetadata(EJBContainer.java:342)
    at org.jboss.ejb3.SessionContainer.processMetadata(SessionContainer.java:140)
    at org.jboss.ejb3.Ejb3Deployment.processEJBContainerMetadata(Ejb3Deployment.java:292)
    at org.jboss.ejb3.Ejb3Deployment.start(Ejb3Deployment.java:356)
    at org.jboss.ejb3.Ejb3Module.startService(Ejb3Module.java:91)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
    at $Proxy0.start(Unknown Source)
Apparently the RoleBasedAuthorizationInterceptorFactory throws an exception on line 49. When I checked its source, I found the following code:
ctx.lookup("java:/jaas/" + securityAnnotation.value());
Probably, this means that the class doesn't find my SecurityDomain annotation, while it IS present. I've got the following annotations on my web service:
@Stateless
@SecurityDomain("mydomain")
@SOAPBinding(style = SOAPBinding.Style.RPC, use = SOAPBinding.Use.LITERAL)
@WebService(name = "ProjectWebService", targetNamespace = "url", serviceName = "service")
@WebContext(urlPattern = "/url", authMethod = "BASIC", transportGuarantee = "NONE", secureWSDLAccess = false)
@RolesAllowed("admin")
@Remote(clazz.class)
Other things I've done:
web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>wsdl</web-resource-name>
        <url-pattern>/url</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
login-config.xml (in the conf folder):
<application-policy name="mydomain">
    <authentication>
        <login-module code="com.atlassian.crowd.application.jaas.CrowdLoginModule" flag="required">
            <module-option name="application.name">admin</module-option>
            <module-option name="application.password">admin</module-option>
            <module-option name="crowd.server.url">server/</module-option>
        </login-module>
    </authentication>
</application-policy>
This is the code which should be responsible for authenticating the users. What am I doing wrong here? Thanks!