Basic Auth Security with DII and Stub Clients
sumankg May 29, 2006 8:38 PMI initially had a bunch of services working with the AXIS stack and now I have switched to JBOSSWS with the new 4.0.4GA release. I had secured web services configured with basic authentication working with Axis and after reading through the JBOSSWS user guide I still seem to be stuck in authenticating properly with the hosted and secured web service with the JBossWS stack.
Below are the following steps that I took.
#1) I used wstools to compile & autogenerate a WSDL, Mapping, and webservices.xml
<configuration> <java-wsdl> <service name="LicensingWebServices" style="rpc" endpoint="com.myco.webservices.secure.licensing.LicensingServices"/> <namespaces target-namespace="http://com.myco.webservices.secure.licensing/MyWebServices" type-namespace="http://com.myco.webservices.secure.licensing/MyWebServices/types"/> <mapping file="LicensingServices_Mapping.xml"/> <webservices servlet-link="LicensingServicesServlet"/> </java-wsdl> </configuration>
#2) I copied the wsdl, mapping and webservices.xml files into a war and deployed the webservices successfully. For testing purposes, my implementation just returns "Hello World"
#3) I ran wstools again to generate the client artifacts using the following config file by pointing to the locally generated wsdl file in step 1.
<configuration> <wsdl-java file="/root/mywsproject/webservicegen-jbossws/licensing/server/wsdl/LicensingWebServices.wsdl"> <mapping file="LicensingServices_Mapping.xml" /> </wsdl-java> </configuration>
#4) I got back two autogenerated classes LicensingServices.java and LicensingWebServices.java which have the following code below.
LicensingServices.java
package com.myco.webservices.secure.licensing.MyWebServices; public interface LicensingServices extends java.rmi.Remote { public java.lang.String verifyClientLicenseInfo(java.lang.String string_1) throws java.rmi.RemoteException; }
LicensingWebServices.java
package com.myco.webservices.secure.licensing.MyWebServices; import javax.xml.rpc.*; public interface LicensingWebServices extends javax.xml.rpc.Service { public com.myco.webservices.secure.licensing.MyWebServices.LicensingServices getLicensingServicesPort() throws ServiceException; }
#5) I compiled and packaged these two classes into a jar file and have it referenced from my client code shown in step 7.
#6) I initally changed the servlet for the web services so that it is public and doesn't require any authentication.
#7) Using the JBOSSWS User Guide I wrote a simple DII client like below.
QName SERVICE_NAME = new QName(namespace, servicename); ServiceFactory serviceFactory = ServiceFactory.newInstance(); Service service = serviceFactory.createService(new URL(wsdl), SERVICE_NAME); LicensingServices ws = (LicensingServices) service.getPort(LicensingServices.class); System.out.println(ws.verifyClientLicenseInfo(args));
This successfully returned "Hello World!" Great. Now to securing the service.
#8) I changed the servlet path on the webservice so that it is now secured with basic authentication (simple username and password). I ran the same client code as above and I got back an HTTP 401 error. Correct!!! This is a secured service and I should get back an HTTP 401 Unauthorized since I haven't provided and credentials.
Questions:
1) How do I pass username and password credentials using the DII format.
2) If the question to number 1 is that DII doesn't support authentication and to use Stubs instead then I tried the following and was still unsuccessful.
I initially had this secured web service working with the client using the following AXIS client code.
LicensingWebServices_Impl lic = new LicensingWebServices_Impl(); Stub stub = (Stub)(lic.getLicensingServicesPort()); stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, username); stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, password); stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, wsdl); LicensingServices licws = (LicensingServices)stub; return licws.verifyClientLicenseInfo(args);
However, when using this method, wscompile from jwsdp1.6 generated a bunch of classes, more than WSTools.
LicensingServices - similar in both WSTools and WSCompile
LicensingWebServices - similar in both WSTools and WSCompile
WSCompile also generated some classes like LicensingWebServices_Impl above which extends LicensingWebServices containing the getLicensingServicesPort() method.
As a result, using WSTools I only have interfaces and cannot perform the first line where the new is called.
Am I missing something here on how to generate client-side stubs using the new JBossWS stack?
Do I still use wscompile to generate the client side stubs?
Any help is appreciated. Thanks.