8 Replies Latest reply on Dec 1, 2009 11:01 AM by pvenkatesh

JAX-WS Basic authorization?

rukus Nov 14, 2007 6:42 AM

I need to implement basic authorization (username and password check) to jax-ws for this service:

@WebService(name="ServerService", serviceName="ServerService")
@SOAPBinding(style = SOAPBinding.Style.RPC)
public class ServerService implements IServerService{
 @WebMethod
 public ServerStatus status() {
 ServerStatus status=ServerStatus.getInstance();
 return status;
 }
}

but i saw only EJB examples...
Where i can find how to do it?

1. Re: JAX-WS Basic authorization?

rukus Nov 14, 2007 8:35 AM (in response to rukus)

oops read authentication instead authorization :)
Actions
2. Re: JAX-WS Basic authorization?

asoldano Nov 14, 2007 9:06 AM (in response to rukus)

Take a look at the context sample (org.jboss.test.ws.jaxws.samples.context.EndpointJSE). You need to manually edit the web.xml and jboss-web.xml with JSE endpoints.
Actions
3. Re: JAX-WS Basic authorization?

rukus Nov 14, 2007 9:26 AM (in response to rukus)

"alessio.soldano@jboss.com" wrote:
Take a look at the context sample (org.jboss.test.ws.jaxws.samples.context.EndpointJSE). You need to manually edit the web.xml and jboss-web.xml with JSE endpoints.

Thanks but i already solved problem
Maybe later i make some tutorial for this
Actions

4. Re: JAX-WS Basic authorization?

rukus Nov 14, 2007 9:40 AM (in response to rukus)

If you need authentication with JAX-WS:
1. Web-service

@WebService(name="ServerService")
@SOAPBinding(style = SOAPBinding.Style.RPC)
public interface IServerService {
 @WebMethod
 String status();
}

@WebService(name = "ServerService", serviceName = "ServerService")
@SOAPBinding(style = SOAPBinding.Style.RPC)
public class ServerService implements IServerService {
 @WebMethod
 @RolesAllowed ("testuser")
 public String status() {
 return "It works";
 }
}

2. web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
 version="2.4">
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Server service</web-resource-name>
 <url-pattern>/*</url-pattern>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>testuser</role-name>
 </auth-constraint>
 </security-constraint>
 <login-config>
 <auth-method>BASIC</auth-method>
 </login-config>
 <security-role>
 <description>Known users of the Server service</description>
 <role-name>testuser</role-name>
 </security-role>
 <!-- Web Services -->
<servlet>
 <servlet-name>ServerService</servlet-name>
 <servlet-class>my.ServerService</servlet-class>
 </servlet>

 <!-- Web Services Mapping -->

 <servlet-mapping>
 <servlet-name>ServerService</servlet-name>
 <url-pattern>/ServerService</url-pattern>
 </servlet-mapping>
</web-app>

3. jboss-web.xml

<jboss-web>
 <security-domain>java:/jaas/test_project</security-domain>
</jboss-web>

- I don't exactly understand what is it means - but i think it should be
4. add users.properties and role.properties to project:
users.properties

test=test

roles.properties

test=testuser

5. Client

URL wsdlLocation = new URL("http://127.0.0.1:8080/test_project/ServerService?wsdl");
 QName serviceName = new QName("http://my/", "ServerService");
 Service service = Service.create(wsdlLocation, serviceName);
 IServerService port = service.getPort(IServerService.class);
 BindingProvider bp = (BindingProvider) port;
 Map<String, Object> map = bp.getRequestContext();
 map.put(BindingProvider.USERNAME_PROPERTY, "test");
 map.put(BindingProvider.PASSWORD_PROPERTY, "test");
 String status = port.status();
 System.out.println(status);

I haven't test it but looks like i did't forget anything

5. Re: JAX-WS Basic authorization?

rukus Nov 14, 2007 10:42 AM (in response to rukus)

hmmm....
When i set in ServerService
@RolesAllowed ("ServerServiceStatus")
and then
start test - it works :(

Why? testuser role is not allowed now...
Actions

6. Re: JAX-WS Basic authorization?

rukus Nov 15, 2007 9:29 AM (in response to rukus)

Looks like only web.xml matters

security-constraint>
 <web-resource-collection>
 <web-resource-name>Server service</web-resource-name>
 <url-pattern>/*</url-pattern>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>testuser</role-name>
 </auth-constraint>
 </security-constraint>

and

@RolesAllowed

annotation does no effect

7. Re: JAX-WS Basic authorization?

asoldano Nov 19, 2007 7:09 AM (in response to rukus)
"rukus" wrote:
Looks like only web.xml matters
security-constraint> <web-resource-collection> <web-resource-name>Server service</web-resource-name> <url-pattern>/*</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>testuser</role-name> </auth-constraint> </security-constraint>

and
@RolesAllowed

annotation does no effect

This is because you're using a POJO endpoint. The annotation approach should work with an EJB3 endpoint.
Actions
8. Re: JAX-WS Basic authorization?

pvenkatesh Dec 1, 2009 11:01 AM (in response to rukus)

Hi alessio

I exactly have followed this topic (http://www.jboss.org/index.html?module=bb&op=viewtopic&t=123643) to implement BASIC (authentication) security for my web service, but I am getting the following exeception

Exception in thread "main" java.lang.NoSuchMethodError: org.jboss.wsf.common.DOMUtils.clearThreadLocals()V
at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:64)
at javax.xml.ws.Service.(Service.java:57)
at javax.xml.ws.Service.create(Service.java:302)
at org.jbia.ws.TestClient.main(TestClient.java:22)
Waiting for your response

Thanks

With regards
Venkat
Actions

Go to original post