8 Replies Latest reply on Sep 2, 2003 6:01 AM by cazacov

    Jboss-net authentication

    yanz

      Hi,

      I tried to turn on authentication and authorization for jboss web service. I got the following exception:
      Access denied at org.jboss.net.axis.server.JBossAuthorizationHandler.invoke(JBossAuthorizationHandler.java:190)

      Does anyone know what the problem is? Currently I only added authentication and authorization part of xdcolet in my web service bean.

      Thanks,

        • 1. Re: Jboss-net authentication
          yanz

          Do I need to modify anything on the jboss or client part?

          • 2. Re: Jboss-net authentication
            sysuser1

            Did you turn on authentication via JBoss WebServices ?
            If yes I would be grateful for some information how to do that.

            • 3. Re: Jboss-net authentication
              bani

              Add the following lines to your axis client

              call.setUsername("your jboss jaas username");
              call.setPassword("your jboss jaas password");

              where call is an instance of org.apache.axis.client.Call

              I suppose you have set up the required jaas domain in login-config.xml and linked your web service (in web-service.xml) to that domain by









              Regards
              Bani

              • 4. Re: Jboss-net authentication
                sysuser1

                I put your tags in my web-service.xml
                but I can't see any additional functionality
                at /jboss-net/services

                I use Delphi as axis client.
                Could you send me example web-service .xml?

                • 5. Re: Jboss-net authentication
                  bani

                  Hi

                  OK, I have no idea how to use Delphi client against an authenticating web server. Try the following.

                  I suppose Delphi will have some object wrapping the web/http request. This object might have a method to set header value for the http request.

                  Set a header with the name 'Authorization' and the value 'Basic some_encoded_value' where some_encoded_value = base64Encode(Username + ":" + password).

                  If you use TCPMonitor (Comes with Axis) you will see a header entry with something like "Authorization: Basic a34Lkfir53LdeWrredWq34"

                  Alternatively Delphi might have something similar to the .NET framework (which does not work with Axis by the way) where you add credentials to the credential cache associated with the webservice clientside proxy.

                  • 6. Re: Jboss-net authentication
                    bani

                    Here is the first part of my web-service.xml. You will only see the effect when you use the service.

                    <deployment name="WebServiceName"
                    xmlns="http://xml.apache.org/axis/wsdd/"
                    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

                    <!-- this is the representation of the web service -->






                    <!-- These two handler work very well to enforce security -->
















                    Your type mappings...

                    • 7. Re: Jboss-net authentication
                      cazacov

                      Hi, slatka !

                      Did you find a way to execute secure calls of web service methods from Delphi client ?

                      I have the same problem as you.

                      • 8. Re: Jboss-net authentication
                        cazacov

                        Finally I did it !!!!

                        Problem is that UserName and Password properties of Borland THTTPReqResp component are PROXY credentials, Authorization line is not included into http header.

                        So you have to inherit your own class from THTTPReqResq and overwrite Send method.

                        Some info how to do it: http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&selm=3b5ee805_1%40dnews&rnum=10