4 Replies Latest reply on Dec 27, 2004 6:35 AM by gayathiri

    Secure Web service Endpoint access

    gayathiri

      Hello,
      I want to secure my web service. I tried using JAX-RPC authentication.
      On the client side the code looks like this:

       InventoryEndpoint endpoint = (InventoryEndpoint)new InventoryEndpointServiceLocator().getPort(InventoryEndpoint.class);
      
       Stub stub = (Stub)endpoint;
       stub._setProperty(Stub.USERNAME_PROPERTY, "kermit");
       stub._setProperty(Stub.PASSWORD_PROPERTY, "thefrog");
       String array=endpoint.getName();
      


      and in the web.xml I have tried with

      <login-config>
       <user-name>kermit</user-name>
       <password>thefrog</password>
       </login-config>


      I'm not sure this code is right... I just tried with it, and when I run the client I'm getting the following error:

      12:10:46,529 ERROR [ServerEngine] Server error: AxisFault
       faultCode: {http://xml.apache.org/axis/}Server.NoService
       faultSubcode:
       faultString: The AXIS engine could not find a target service to invoke! targetService is Inventory
       faultActor:
       faultNode:
       faultDetail:
       {http://xml.apache.org/axis/}stackTrace: AxisFault
       faultCode: {http://xml.apache.org/axis/}Server.NoService
       faultSubcode:
       faultString: The AXIS engine could not find a target service to invoke! targetService is Inventory
       faultActor:
       faultNode:
       faultDetail:
      
      The AXIS engine could not find a target service to invoke! targetService is Inventory


      I think the error is because it is not returning the Endpoint....

      Can you please tell me how to give the authentication details in web.xml for JAX-RPC?

      Regards
      GAYATHIRI

        • 1. Re: Secure Web service Endpoint access
          thomas.diesler

          Valid principal/credential combinations are configured with the jboss security domain your WS is using.

          Have a look at the samples that are shipped with jboss-4.0.1

          cvs co -r JBoss_4_0_1 jboss-4.0

          • 2. Re: Secure Web service Endpoint access
            gayathiri

            Hello,
            Thanks for your reply. The problem is that I didn't give the statement in the client code

            InventoryEndpoint hello = (InventoryEndpoint)stub;


            and in web.xml I have to give security-constraint, and username and roles in a properties file

            <login-config>
             <auth-method>BASIC</auth-method>
            
             </login-config>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>SecureHello</web-resource-name>
             <url-pattern>/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>The Duke</role-name>
             </auth-constraint>
             <user-data-constraint>
             <transport-guarantee>NONE</transport-guarantee>
             </user-data-constraint>
             </security-constraint>
            
             <security-role>
             <role-name>admin</role-name>
             </security-role>


            This is basic authentication for JAX-RPC.
            Is this Basic authentication secure? Is there any other way?

            Regards
            gayathiri

            • 3. Re: Secure Web service Endpoint access
              thomas.diesler

              Basic authentication is secure enough if you use HTTPS. With plain HTTP the password is encoded with base64, which is only slightly better than plain text (security by obfuscation).

              A stronger algorithm is client certificates.
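
Editor's added example, not part of the thread and not JBoss sample code: the web.xml fragment from reply 2 adjusted so that the container itself enforces the HTTPS advice in reply 3. The role name and realm name are constructed placeholders, and the fragment assumes an HTTPS connector is already configured on the server.

```xml
<!-- Added example: hardened variant of the descriptor posted in reply 2.
     "inventory-user" and "Inventory" are constructed placeholder names. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecureHello</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements here. Listing only GET and POST leaves
         every other HTTP method outside the constraint; omitting the
         element applies the constraint to all methods. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Must be the same name that is declared in <security-role> below
         and assigned to the user in the security domain's roles file. -->
    <role-name>inventory-user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Reply 2 used NONE, which lets the BASIC credentials travel over
         plain HTTP as base64. CONFIDENTIAL tells the container to serve
         these URLs only over a protected transport (HTTPS in practice). -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Inventory</realm-name>
</login-config>

<security-role>
  <role-name>inventory-user</role-name>
</security-role>
```

The client's endpoint address has to be an https:// URL as well: a client that sends its Authorization header to an http:// address has already exposed the credentials before the container can refuse or redirect the request.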

              • 4. Re: Secure Web service Endpoint access
                gayathiri

                Hi,
                I'm using jboss-4.0.0 and, as I said, I am using Basic authentication for my web service.
                I have deployed my web service in jboss-4.0.0. When I access it from a Perl client it works fine, but when I access it from a .NET client with the credential details I'm getting the following error:

                The request failed with HTTP status 505: HTTP Version Not Supported


                Please tell me why I get this error.

                Regards
                Gayathiri