-
1. Re: Principal = null
jason.greene Nov 16, 2004 12:52 PM (in response to minmay)
Check that the ejb create and remove methods are also unchecked.
-Jason
-
2. Re: Principal = null
minmay Nov 16, 2004 2:35 PM (in response to minmay)
Here are the relevant ejb-jar.xml tags:
    <session>
        <ejb-name>AddEventEJB</ejb-name>
        <service-endpoint>mypath.AddEventEndPoint</service-endpoint>
        <ejb-class>mypath.AddEventBean</ejb-class>
        <session-type>Stateless</session-type>
        <transaction-type>Container</transaction-type>
    </session>
    <method-permission>
        <unchecked/>
        <method>
            <ejb-name>AddEventEJB</ejb-name>
            <method-name>*</method-name>
        </method>
    </method-permission>
The code that looks up the web service looks like this:
    private AddEventEndPoint getEndpoint() throws MalformedURLException, ServiceException {
        if (endpoint == null) {
            URL url = new URL(WEB_SERVICE);
            QName qname = new QName(NAMESPACE_URI, LOCAL_PART);
            ServiceFactory factory = ServiceFactory.newInstance();
            Service service = factory.createService(url, qname);
            endpoint = (AddEventEndPoint) service.getPort(AddEventEndPoint.class);
        }
        return endpoint;
    }

    public boolean execute() throws MalformedURLException, ServiceException, RemoteException {
        return getEndpoint().addEvent(host, task, pid, severity, message, time);
    }
-
3. Re: Principal = null
thomas.diesler Nov 17, 2004 9:18 AM (in response to minmay)
Even if the EJB is declared as unchecked, JBossSX still requires a valid principal. Most login modules support the 'unauthenticatedIdentity' option.
    <application-policy name="JBossWS">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="unauthenticatedIdentity">anonymous</module-option>
            </login-module>
        </authentication>
    </application-policy>
-
4. Re: Principal = null
minmay Nov 17, 2004 1:09 PM (in response to minmay)
This raises many more questions.
ONE)
I am using a custom security domain, how come it never gets called when I attempt to invoke this web service? Is this in any way affected by the fact that I am calling this endpoint from a non-J2EE environment, as shown in the JBoss 4.0.0 Getting Started documentation? I never tested that web services example, but now I am beginning to wonder if it works.
TWO)
Is there an actual application policy named JBossWS that I must set? Or is JBossWS just a place-holder for my custom application policy that I am using?
    <application-policy name="JBossWS">
THREE)
Will I need to modify the jboss.net and jboss.net-uddi application policies, or are those legacy configurations from JBoss 3.2.X?
FOUR)
How do I ensure that my non-J2EE Java client gets passed through the authentication mechanisms (application policies in the login-config.xml)? I really am trying to set up a simple web services example with my stateless session bean, as shown in the Getting Started documentation.
-
5. Re: Principal = null
jason.greene Nov 17, 2004 1:52 PM (in response to minmay)
ONE & TWO & THREE)
You can use any policy; JBossWS will just use whatever policy your EJBs are using. Just set your <security-domain> in your jboss.xml to your custom configuration. You may have to add the unauthenticated identity as before to your custom config.
FOUR)
Yesterday I updated the wiki to show how to configure HTTP Basic and SSL authorization. See WSSecureEndpoint. Use this for non-JBoss clients.
-Jason
-
6. Re: Principal = null
minmay Nov 17, 2004 2:47 PM (in response to minmay)
I want to thank everybody who helped. I resolved the issues at hand.
It goes without saying, all the problems were my fault.
I'll go over what fixed it.
ONE) I was accessing my web service through IntelliJ's Application Run feature. When I did that, well, for some odd reason authentication wouldn't be called. I still don't know why. When I access my webservice via JDK 1.4 and ANT, it all works fine.
TWO) My custom login module did handle the situation of username==null and password==null. I looked at the code for org.jboss.security.auth.spi.UsernamePasswordLoginModule for a nice example of how to implement that feature into my login module.
Once more, thank you everybody.