1 Reply Latest reply on Dec 2, 2007 5:03 PM by asoldano

    Authorization Failure using secure end point

    mendaye

      Hello All:

      I follow the user guide on JBOSSWS2.0.GA to create basic authentication for the web services created using secure EJB3.0 end-point. However, I am getting authorization error when the consumer request the service.
      Can some one help me to resolve this issue? Below is consumer, statless EJB, service end-point interface and exception thrown...

      Consumer Code:

      import java.net.URL;
      import java.util.ArrayList;
      import java.util.Vector;
      import java.util.HashMap;
      
      import javax.xml.namespace.QName;
      import javax.xml.ws.Service;
      import javax.xml.ws.BindingProvider;
      
      import com.panduit.acmnms.db.Device;
      import com.panduit.acmnms.db.DeviceType;
      import com.panduit.pvng.service.api.db.interfaces.PVNGDeviceEndPoint;
      import com.panduit.pvng.service.api.db.ejb.TestDeviceBean;
      import com.panduit.acmnms.beans.*;
      
      
      public class WsClientTest {
      
      
       static void printDeviceObj(DeviceTypeObject devTypeObj){
       System.out.println("----------------------------------------------------");
       System.out.println("deviceType = "+ devTypeObj.getDeviceType());
       System.out.println("deviceType = "+ devTypeObj.getDescription());
       System.out.println("deviceType = "+ devTypeObj.getNumberPorts());
       System.out.println("deviceType = "+ devTypeObj.getNumRackSpaces());
       System.out.println("deviceType = "+ devTypeObj.getVendorId());
       System.out.println("deviceType = "+ devTypeObj.getIconFilePath());
       System.out.println("deviceType = "+ devTypeObj.getIsactive());
       System.out.println("deviceType = "+ devTypeObj.getIsdualPort());
       System.out.println("deviceType = "+ devTypeObj.getDeviceCategoryDesc());
       System.out.println("deviceType = "+ devTypeObj.getIsSwitchType());
       System.out.println("deviceType = "+ devTypeObj.getPartNumber());
       System.out.println("deviceType = "+ devTypeObj.getPortGroupCount());
       System.out.println("----------------------------------------------------");
      
       }
      
       /**
       * @param args
       */
       public static void main(String[] args) throws Exception {
       // TODO Auto-generated method stub
       //URL url = new URL("http://localhost:8080/api-service-1/PVNGDevice?wsdl");
       URL url = new URL("http://127.0.0.1:8080/pvng-api-service-1.0/TestDeviceBean?wsdl");
       QName qname = new QName("http://api.service.pvng.panduit.com/deviceaccess", "DeviceService");
       Service service = Service.create(url, qname);
      
      
       PVNGDeviceEndPoint deviceEndPoint = (PVNGDeviceEndPoint) service.getPort(PVNGDeviceEndPoint.class);
       //This was added to support basic Authentications
       BindingProvider bp = (BindingProvider)deviceEndPoint;
       bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
       bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
      
       DeviceTypeObject deviceTypObj = (DeviceTypeObject) deviceEndPoint.getSingleDeviceType(1);
       if( deviceTypObj != null ){
       System.out.println(" ***** Device Type when ID is 1");
       WsClientTest.printDeviceObj( deviceTypObj);
       }
      
      
       ArrayList deviceWsObjs = deviceEndPoint.getAllExistingDeviceTypes();
       if( deviceWsObjs != null && deviceWsObjs.size() > 0){
       System.out.println("****** All Device Type data");
       for( int i = 0; i < deviceWsObjs.size(); i++ ){
       WsClientTest.printDeviceObj((DeviceTypeObject)deviceWsObjs.get(i));
       }
       }
       }
      }
      
      
      


      EJB service end point code:

      
      package com.panduit.pvng.service.api.db.ejb;
      import java.util.ArrayList;
      
      import com.panduit.acmnms.beans.DeviceTypeObject;
      import com.panduit.acmnms.db.Device;
      import com.panduit.acmnms.db.DeviceType;
      import com.panduit.pvng.service.api.db.dao.PVNGAPIDeviceDAO;
      import com.panduit.pvng.service.api.db.interfaces.TestDevice;
      import com.panduit.pvng.service.exception.PVNGAPIException;
      
      import javax.annotation.Resource;
      import javax.annotation.security.DeclareRoles;
      import javax.annotation.security.RolesAllowed;
      import javax.annotation.security.DeclareRoles;
      import javax.ejb.Remote;
      import javax.ejb.Stateless;
      import javax.jws.WebParam;
      import javax.jws.WebService;
      import javax.jws.WebMethod;
      import javax.jws.soap.SOAPBinding;
      import javax.xml.ws.WebServiceContext;
      
      import org.jboss.annotation.ejb.RemoteBinding;
      import org.jboss.annotation.security.SecurityDomain;
      
      @Stateless
      @SecurityDomain("JBossWS")
      //@DeclareRoles("friend")
      @RolesAllowed("friend")
      @Remote(TestDevice.class)
      @RemoteBinding(jndiBinding="ejb3/TestDevice")
      @WebService(name = "PVNGDeviceEndPoint", targetNamespace = "http://api.service.pvng.panduit.com/deviceaccess", serviceName = "DeviceService")
      @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL)
      public class TestDeviceBean implements TestDevice{
      
      
       @WebMethod(operationName = "getAllExistingDeviceTypes")
       public ArrayList <DeviceTypeObject> getAllDevicesTypes() throws PVNGAPIException{
       PVNGAPIDeviceDAO loPVNGAPIDeviceDAO = new PVNGAPIDeviceDAO();
       // call the business method in DAO class
       ArrayList <DeviceTypeObject>lalPortInfo = loPVNGAPIDeviceDAO.getAllDeviceTypes();
       // Return the information back to the calling program
       return lalPortInfo;
       }
      
      
       @WebMethod(operationName = "getSingleDeviceType")
       public DeviceTypeObject getDeviceType(@WebParam (name="DeviceTypeID") int deviceTypeId) throws PVNGAPIException{
       PVNGAPIDeviceDAO loPVNGAPIDeviceDAO = new PVNGAPIDeviceDAO();
       // call the business method in DAO class
       DeviceTypeObject deviceTypeObj = loPVNGAPIDeviceDAO.getDeviceTypeById(deviceTypeId);
       // Return the information back to the calling program
      System.out.println(" **** EJB Called and ArrayList for Device Type name :"+ deviceTypeObj.getDescription());
       return deviceTypeObj;
       }
      }
      
      


      Service End Point Interface:

      package com.panduit.pvng.service.api.db.interfaces;
      
      import java.rmi.Remote;
      import java.rmi.RemoteException;
      import java.util.ArrayList;
      
      import javax.jws.WebMethod;
      import javax.jws.WebParam;
      import javax.jws.WebService;
      import javax.jws.soap.SOAPBinding;
      
      import com.panduit.acmnms.beans.DeviceTypeObject;
      import com.panduit.pvng.service.exception.PVNGAPIException;
      
      @WebService(name = "PVNGDeviceEndPoint", targetNamespace = "http://api.service.pvng.panduit.com/deviceaccess", serviceName = "DeviceService")
      @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL)
      
      public interface PVNGDeviceEndPoint extends Remote {
       @WebMethod(operationName = "getSingleDeviceType")
       public DeviceTypeObject getSingleDeviceType(@WebParam (name="DeviceTypeID", partName="DeviceTypeID") int deviceTypeId) throws RemoteException, PVNGAPIException;
       //public ArrayList<DeviceTypeObject> getAllDevicesTypes() throws PVNGAPIException;
       @WebMethod(operationName = "getAllExistingDeviceTypes")
       public ArrayList<DeviceTypeObject> getAllExistingDeviceTypes() throws RemoteException, PVNGAPIException;
      }
      
      


      Here is the exception thrown when consumer request the service.

       [java] DEBUG [main] (MessageContextAssociation.java:75) - popMessageContext
      : org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@17918f0 (Thread main)
       [java] Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Aut
      horization failure
       [java] at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultExce
      ption(SOAPFaultHelperJAXWS.java:69)
       [java] at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFault
      Exception(SOAP11BindingJAXWS.java:109)
       [java] at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(Com
      monSOAPBinding.java:553)
       [java] at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:371)
       [java] at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.j
      ava:243)
       [java] at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy
      .java:164)
       [java] at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy
      .java:150)
       [java] at $Proxy13.getSingleDeviceType(Unknown Source)
       [java] at ejb.WsClientTest.main(WsClientTest.java:70)
       [java] Java Result: 1
      


      I checked security data for JBossWS in login-config.xml, jbossws-user.properties and jbossws-role.properties. I don't see any problem, all of them are correct. I am not sure what is going on here... Help Help..

      Thanks,
      Surafel