5 Replies Latest reply on Oct 3, 2007 7:57 AM by deanouk

    BASIC Authentication with jbossws-2.0.0.GA

    fheldt

      I had some time to spend and did a short test of jbossws-2.0.0.GA (under jboss-4.2.1.GA). Most web services worked as they did under jbossws-1.2.0, but then I found a big problem. A secured SLSB that worked without a problem with a .NET 2.0 client stopped working :-(

      I always get "Authentification failed" under jbossws-2.0.0.GA.

      @Stateless
      @WebService
      @SOAPBinding(
       style=SOAPBinding.Style.RPC,
       use=SOAPBinding.Use.LITERAL
      )
      @SecurityDomain("myRealm")
      @RolesAllowed({"Admin", "Operator", "User"})
      @WebContext(authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
      public class WebServiceEJB implements WebServiceIf
      {
      ...
      }
      


      Any hints what has changed here?

        • 1. Re: BASIC Authentication with jbossws-2.0.0.GA
          heiko.braun

          Did you use 4.2.0 in both cases?

          • 2. Re: BASIC Authentication with jbossws-2.0.0.GA
            fheldt

            I used jboss-4.2.1.GA (which includes jbossws-1.2.1.GA), only tweaked for .NET web services (restrictedUserAgents="^.*MS Web Services Client Protocol .*$" in jboss-web.deployer/server.xml). Everything works like a charm here.

            Then I installed jbossws-2.0.0.GA. The log file showed no problems, but I couldn't authenticate to the web service any longer. An SLSB web service without authentication works without a problem.

            The client is a simple C# .NET 2.0 program.

            • 3. Re: BASIC Authentication with jbossws-2.0.0.GA

              I have the same problem, but I use my own LoginModule. An exception was thrown in this LoginModule when it tried to get the NameCallback (or PasswordCallback). With JBossWS 1.2.1 everything works fine. JBoss 4.2.0

              Regards,
              Alexey

              • 4. Re: BASIC Authentication with jbossws-2.0.0.GA
                fheldt

                Here are the relevant lines from the log (I enabled trace for org.jboss.security.auth.spi):

                2007-08-03 15:08:18,623 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@19070485
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: dhcRealm
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/DHCDS
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT user_pass FROM Users WHERE UserID=? AND Expires>=CURRENT_DATE
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT Role,'' AS RoleGroup FROM Roles R,Users U,Users_Roles_Link UR WHERE U.UserID=? AND U.Id=UR.UserID AND R.Id=UR.RoleId
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=null
                2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
                2007-08-03 15:08:18,625 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT user_pass FROM Users WHERE UserID=? AND Expires>=CURRENT_DATE, with username: null
                2007-08-03 15:08:18,626 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
                2007-08-03 15:08:18,626 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
                2007-08-03 15:08:18,626 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
                2007-08-03 15:08:18,626 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
                javax.ejb.EJBAccessException: Authentication failure
                 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
                 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
                 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.wsf.container.jboss42.InvocationHandlerEJB3.invoke(InvocationHandlerEJB3.java:98)
                 at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:206)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:396)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:260)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:177)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
                 at org.jboss.wsf.spi.invocation.EndpointServlet.service(EndpointServlet.java:72)
                 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
                 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
                 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
                 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
                 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                 at java.lang.Thread.run(Thread.java:595)
                2007-08-03 15:08:18,628 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
                javax.ejb.EJBAccessException: Authentication failure
                 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
                 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
                 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.wsf.container.jboss42.InvocationHandlerEJB3.invoke(InvocationHandlerEJB3.java:98)
                 at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:206)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:396)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:260)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:177)
                 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
                 at org.jboss.wsf.spi.invocation.EndpointServlet.service(EndpointServlet.java:72)
                 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
                 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
                 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
                 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
                 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                 at java.lang.Thread.run(Thread.java:595)
                


                Here's the code:
                package com.hcuc.ejb;
                
                import javax.ejb.Remote;
                
                @Remote
                public interface EchoIf
                {
                    public String echo(String name);
                }
                


                package com.hcuc.ejb;
                
                import javax.annotation.security.RolesAllowed;
                import javax.ejb.Stateless;
                import javax.jws.WebMethod;
                import javax.jws.WebParam;
                import javax.jws.WebService;
                import javax.jws.soap.SOAPBinding;
                
                import org.jboss.annotation.security.SecurityDomain;
                import org.jboss.logging.Logger;
                import org.jboss.ws.annotation.WebContext;
                
                
                @Stateless
                @WebService
                //@WebService(name="HCUCService",serviceName="HCUCWebService")
                @SOAPBinding(
                 style=SOAPBinding.Style.RPC,
                 use=SOAPBinding.Use.LITERAL
                )
                @SecurityDomain("dhcRealm")
                @RolesAllowed({"Admin"})
                @WebContext(authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
                public class EchoEJB implements EchoIf
                {
                    private static Logger logger = Logger.getLogger(EchoEJB.class);

                    @WebMethod
                    public String echo(@WebParam(name="name") String name) {
                        if (logger.isTraceEnabled())
                            logger.trace(String.format("Enter echo('%s')", name));
                        return "Hello " + name;
                    }
                }
                


                Here's the C# client:
                using System;
                using System.Collections.Generic;
                using System.Text;
                using System.Net;
                using TestWSApp.WebReference;
                
                namespace TestWSApp
                {
                    class Program
                    {
                        static void Main(string[] args)
                        {
                            EchoEJBService ws = new EchoEJBService();
                            ws.Credentials = new NetworkCredential("admin", "secret");
                            ws.PreAuthenticate = true;
                            try
                            {
                                Console.WriteLine(ws.echo("Frank"));
                            }
                            catch (Exception ex)
                            {
                                Console.WriteLine(ex.ToString());
                            }
                            Console.Write("\n\nPress any key: ");
                            Console.ReadKey();
                        }
                    }
                }
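
The trace in reply 4 shows the login module running its principals query `with username: null`, meaning it was handed no user name at all, which is a different failure from an unknown user or a wrong password. The Python sketch below is an added example, not part of the original thread or of JBoss: it classifies login attempts from such trace lines. The second sample attempt, the user name `jdoe` and the verdict labels are constructed for illustration.

```python
import re

# Attempt 1: lines copied from the trace posted above.
# Attempt 2: constructed for contrast (user name "jdoe" is made up).
SAMPLE_LOG = """\
2007-08-03 15:08:18,624 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2007-08-03 15:08:18,625 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT user_pass FROM Users WHERE UserID=? AND Expires>=CURRENT_DATE, with username: null
2007-08-03 15:08:18,626 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
2007-08-03 15:08:18,626 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
2007-08-03 15:09:02,101 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2007-08-03 15:09:02,102 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT user_pass FROM Users WHERE UserID=? AND Expires>=CURRENT_DATE, with username: jdoe
2007-08-03 15:09:02,103 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
2007-08-03 15:09:02,103 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
"""

# Timestamp, TRACE level, a logger whose name ends in "LoginModule", message.
LINE = re.compile(r"^(?P<ts>\S+ \S+) TRACE \[[\w.]+LoginModule\] (?P<msg>.*)$")
USERNAME = re.compile(r"with username: (?P<user>\S+)\s*$")

def verdict(user, no_match):
    """Map what the trace shows to a label (labels are this example's own)."""
    if user == "null":
        return "no-credentials-propagated"   # module never received a user name
    if no_match:
        return "unknown-or-expired-user"     # named user, principals query empty
    return "rejected-other"                  # e.g. password mismatch

def classify_attempts(log_text):
    """Return (timestamp, username, verdict) for each attempt ending in 'abort'."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                         # stack traces, other loggers
        msg = m["msg"]
        if msg == "login":                   # a new attempt starts
            cur = {"ts": m["ts"], "user": None, "no_match": False}
        elif cur is None:
            continue                         # initialize/config lines
        elif (u := USERNAME.search(msg)):
            cur["user"] = u["user"]
        elif msg.startswith("Query returned no matches"):
            cur["no_match"] = True
        elif msg == "abort":                 # attempt failed; record and reset
            attempts.append((cur["ts"], cur["user"], verdict(cur["user"], cur["no_match"])))
            cur = None
    return attempts
```

A `no-credentials-propagated` verdict points at the path between the HTTP layer and the login module rather than at the user database.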
                


                • 5. Re: BASIC Authentication with jbossws-2.0.0.GA
                  deanouk

                  Did you find a resolution to this issue? I'm experiencing similar problems.