-
1. Re: Secure Webservice
heiko.braun May 16, 2007 7:07 AM (in response to iorlas)What do the endpoint bean and interface look like?
-
2. Re: Secure Webservice
iorlas May 18, 2007 12:53 AM (in response to iorlas)I have tried a few different version, the latest look like this:
@WebService(name = "WebServiceEndPoint", targetNamespace = "http://se.pilotfish/fairfleet/ws", serviceName = "WebServiceTest") @SOAPBinding(style= SOAPBinding.Style.RPC) @WebContext(contextRoot = "/service", urlPattern = "/*", authMethod = "BASIC", transportGuarantee = "NONE", secureWSDLAccess = false) @SecurityDomain("fleet-database") @Stateless public class WebServiceTestBean implements WebServiceTest { @WebMethod @WebResult(name = "result") public String test(@WebParam(name = "input") String input) { return "WebService:" + input; } }
@Remote public interface WebServiceTest { public String test(String input); }
-
3. Re: Secure Webservice
sgarelle Aug 28, 2007 12:55 PM (in response to iorlas)Hi,
I am facing exactly the same problem... So, what's the solution?
I am using JBoss_4_2_1_GA.
On client side, I also use the request context to set the user name and password:CmiEndPoint proxy = (CmiEndPoint) service.getPort(CmiEndPoint.class); BindingProvider bp = (BindingProvider) proxy; Map<String, Object> reqCtxt = bp.getRequestContext(); reqCtxt.put(BindingProvider.USERNAME_PROPERTY, user); reqCtxt.put(BindingProvider.PASSWORD_PROPERTY, password); proxy.execCmd("Do this command");
On server side, the WebService is simply declared with the "@WebService" annotation. A security-domain is defined in jboss.xml. Users are defined.
The command failed because of an authentification failure:javax.xml.ws.soap.SOAPFaultException: Authentication failure
The same user/password used for a RMI client calling directly the underlying stateless session bean works.
The same WS client with security disabled on server works. -
4. Re: Secure Webservice
rbellia Sep 6, 2007 11:41 AM (in response to iorlas)I have the same probelm with JBoss AS 4.2.1 ...
The endpoint:@Stateless @WebService @RolesAllowed({"clerk"}) public class CalculatorBean implements CalculatorRemote, CalculatorLocal { @Resource SessionContext sessionCtx; public Integer sum(Integer a, Integer b) { System.out.println("who is it ? " + sessionCtx.getCallerPrincipal()); return a + b; } }
The client:CalculatorBeanService service = new CalculatorBeanService(); CalculatorBean port = service.getCalculatorBeanPort(); BindingProvider bp = (BindingProvider) port; bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8080/CalculatorBeanService/CalculatorBean"); bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "user1"); bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "password1"); // TODO initialize WS operation arguments here java.lang.Integer result = port.sum(4002, 450); System.out.println("Result = "+result);
The exception:javax.xml.ws.soap.SOAPFaultException: Authorization failure
The security domain works fine if I use a remote EJB client. -
5. Re: Secure Webservice
thomas.diesler Sep 19, 2007 12:19 AM (in response to iorlas)Please start from a working sample that we distribute and tell us what modification stopped things working
-
6. Re: Secure Webservice
iorlas Sep 19, 2007 8:15 AM (in response to iorlas)This was some time ago, so where I started is not a little bit foggy. But everything worked fine for me up to the point where I protected the webservice with a SecurityDomain. Sadly I cannot post the example code that I started with.
-
7. Re: Secure Webservice
richard_opalka Sep 19, 2007 10:34 AM (in response to iorlas)If you have turned on the SecurityDomain then you must investigate what SecurityManager prohibits you to do and set up the rights correctly so JBossWS stack can work properly.