3 Replies Latest reply on Dec 4, 2006 12:07 AM by cboatwright

    EJB3 SessionBean endpoint and security

    cboatwright

      I recently [finally] had time to upgrade to Eclipse 3.2 and JBoss 4.0.4 and ejb3 and am prototyping out some Web Services using the "181" way. I did the "HelloWorld" example in the Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JBWS181HelloWorld) and got things working very quickly.

      I then saw many examples about how to create an endpoint out of an EJB3 session bean. Again, very easy. Very nice.

      However, when I searched for how to set up security, I ran into problems. I added the @SecurityDomain and so forth, but cannot get the endpoint secured and/or a client to authenticate.

      My goal is simply: create a Web Service that a client can call with a username and password that the JBoss JAAS container can handle. It appears that this can be done, but I must be missing something simple. It appears you add the "@PortComponent" and "@SecurityDomain" and "@RolesAllowed" annotations and pass in the valid information.

      When a client accesses the Web Service it gets an authentication error even though I think I'm passing in the correct username/password. I'm using the defaults (kermit/thefrog in the role "friend").

      The EJB3 Stateless Session Bean endpoint:

      package com.buildlinks.ejb;
      
      import java.rmi.RemoteException;
      import java.security.Identity;
      import java.security.Principal;
      
      import javax.annotation.Resource;
      import javax.annotation.security.RolesAllowed;
      import javax.ejb.EJB;
      import javax.ejb.SessionContext;
      import javax.ejb.Stateless;
      import javax.jws.WebMethod;
      import javax.jws.WebService;
      import javax.jws.soap.SOAPBinding;
      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.naming.NamingException;
      import javax.persistence.Transient;
      
      import org.jboss.annotation.security.SecurityDomain;
      import org.jboss.ws.annotation.PortComponent;
      
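      /**
       * Stateless session bean exposed as a JSR-181 web service endpoint.
       *
       * <p>The annotations below ask the container to authenticate callers with
       * HTTP BASIC against the {@code JBossWS} security domain and to admit only
       * callers in the {@code friend} role.
       *
       * <p>NOTE(review): {@code authMethod="BASIC"} combined with
       * {@code transportGuarantee="NONE"} means the username and password travel
       * base64-encoded, not encrypted, so anyone on the network path can read them.
       * Outside a localhost prototype, set {@code transportGuarantee="CONFIDENTIAL"}
       * and call the endpoint over HTTPS. It is left at NONE here because the
       * accompanying test client connects over plain http://localhost.
       *
       * @author cboatwright
       */
      @EJB(name="HelloWorldBean", description="", beanInterface=com.buildlinks.ejb.HelloWorld.class, beanName="HelloWorldBean")
      @WebService(name="HelloWorld")
      @SOAPBinding(style = SOAPBinding.Style.RPC)
      @PortComponent(authMethod="BASIC", transportGuarantee="NONE", urlPattern="/*", contextRoot="/BuildLinksEjb3")
      @SecurityDomain("JBossWS")
      @RolesAllowed("friend")
      public @Stateless class HelloWorldBean implements HelloWorld
      {
          // Injected by the container; used below only for diagnostic output.
          // NOTE(review): javax.persistence.Transient is a JPA annotation and
          // presumably has no effect on a session bean field - confirm and drop.
          @Resource
          @Transient
          SessionContext ctx;

          public HelloWorldBean()
          {
              System.out.println("HelloWorldBean created");
          }

          /**
           * Echoes the two request strings back to the caller and logs who called.
           *
           * @param str1 first string taken from the SOAP request
           * @param str2 second string taken from the SOAP request
           * @return a fixed message embedding both strings unchanged
           * @throws RemoteException declared by the signature; never thrown here
           */
          @WebMethod
          public String echoString(String str1, String str2) throws RemoteException
          {
              // str1/str2 come straight from the request, so line breaks are
              // neutralised before logging; otherwise a caller could forge
              // additional log lines.
              System.out.println("str=" + forLog(str1) + ", str2=" + forLog(str2));

              if (ctx != null)
              {
                  // Diagnostic only: access control is declared by @RolesAllowed on
                  // the class, not by this check.
                  // getCallerIdentity() is deprecated in the EJB API in favour of
                  // getCallerPrincipal(), so only the principal is logged.
                  Principal caller = ctx.getCallerPrincipal();
                  System.out.println("isCallerInRole(friend)=" + ctx.isCallerInRole("friend"));
                  System.out.println("caller=" + caller);
              }

              return "Thanks you for sending [" + str1 + "] and [" + str2 + "]";
          }

          /**
           * Replaces carriage returns and line feeds so a value occupies one log line.
           * A null value is passed through and prints as "null" when concatenated.
           */
          private static String forLog(String value)
          {
              if (value == null)
              {
                  return null;
              }
              return value.replace('\r', '_').replace('\n', '_');
          }
      }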
      


      The calling client:
      package com.buildlinks.client;
      
      import java.net.URL;
      import java.util.Properties;
      
      import javax.xml.namespace.QName;
      import javax.xml.rpc.Service;
      import javax.xml.rpc.ServiceFactory;
      import javax.xml.rpc.Stub;
      
      import org.jboss.ws.jaxrpc.ServiceFactoryImpl;
      import org.jboss.ws.jaxrpc.StubExt;
      
      import com.buildlinks.ejb.HelloWorld;
      
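      /**
       * Stand-alone JAX-RPC test client for the HelloWorld endpoint.
       *
       * <p>Credentials are read from the environment variables {@code WS_USERNAME}
       * and {@code WS_PASSWORD} (names chosen for this example). When they are not
       * set, the sample account kermit/thefrog is used, which keeps the original
       * behaviour for a local prototype. Real credentials should never be compiled
       * into the client.
       *
       * <p>NOTE(review): the endpoint URL is plain http://. With BASIC
       * authentication the password is only base64-encoded on the wire, so use an
       * https:// endpoint for anything other than localhost testing.
       */
      public class WsClientTest
      {
          public static void main(String[] args)
          {
              try
              {
                  // One source for the credentials instead of repeating the literals.
                  String username = envOrDefault("WS_USERNAME", "kermit");
                  String password = envOrDefault("WS_PASSWORD", "thefrog");

                  // http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html
                  // NOTE(review): the http.basic.* keys do not appear to be among the
                  // JDK networking properties documented at the link above - confirm
                  // that the web service stack reads them. If it does not, drop them:
                  // system properties are readable JVM-wide, which needlessly exposes
                  // the password.
                  // System.getProperties() returns the live table, so setting the
                  // keys directly is equivalent to the former put()/setProperties().
                  System.setProperty("http.basic.username", username);
                  System.setProperty("http.basic.password", password);
                  // systemSettings.put("http.proxyHost", "localhost");
                  // systemSettings.put("http.proxyPort", "8888");
                  // systemSettings.put("http.nonProxyHosts", "");
                  // systemSettings.put("http.proxyUserName",username);
                  // systemSettings.put("http.proxyPassword",password);

                  URL url = new URL("http://localhost/BuildLinksEjb3/HelloWorldBean?wsdl");
                  QName qname = new QName("http://ejb.buildlinks.com/jaws", "HelloWorldBeanService");

                  ServiceFactory factory = ServiceFactoryImpl.newInstance();
                  Service service = factory.createService(url, qname);

                  // Credentials for the BASIC challenge are attached to the stub.
                  HelloWorld webServiceProxy = (HelloWorld)service.getPort(HelloWorld.class);
                  Stub stub = (Stub)webServiceProxy;
                  stub._setProperty(StubExt.USERNAME_PROPERTY, username);
                  stub._setProperty(StubExt.PASSWORD_PROPERTY, password);

                  System.out.println("Before");
                  String rv = webServiceProxy.echoString("Colin", "Boatwright");
                  System.out.println("After");

                  System.out.println("rv=" + rv);
              }
              catch (Exception e)
              {
                  // Test client: report the failure, including any authentication
                  // fault, on stderr.
                  e.printStackTrace(System.err);
              }
          }

          /**
           * Returns the named environment variable, or the fallback when it is
           * unset or empty.
           */
          private static String envOrDefault(String name, String fallback)
          {
              String value = System.getenv(name);
              if (value == null || value.length() == 0)
              {
                  return fallback;
              }
              return value;
          }
      }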