5 Replies Latest reply on Jan 13, 2008 2:21 PM by jbn1v

Cannot access web service with HTTP Basic Authentication ena

jbn1v Jan 11, 2008 5:53 PM

I'm running JBoss 4.2 with the latest jbossws libraries. I have a simple web service running and I wanted to secure it with HTTP Basic Authentication (actually anything would do but that seemed the simplest). I followed the steps in http://jbws.dyndns.org/mediawiki/index.php?title=Authentication, but now my client gets an error when creating the service (this is before setting the username and password using the BindingProvider -- but you need the service object on which to do that -- perhaps a chicken/egg problem?)

service = Service.create(wsdlURL, new QName(...));

Now gets:

[exec] org.jboss.ws.metadata.wsdl.WSDLException: Cannot parse wsdlLocation: http://localhost:8080/resonantProcessLibrary?wsdl
 [exec] at org.jboss.ws.tools.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:183)
 [exec] at org.jboss.ws.tools.wsdl.WSDLDefinitionsFactory.parse(WSDLDefinitionsFactory.java:108)
 [exec] at org.jboss.ws.metadata.umdm.ServiceMetaData.getWsdlDefinitions(ServiceMetaData.java:321)
 [exec] at org.jboss.ws.metadata.builder.jaxws.JAXWSClientMetaDataBuilder.buildMetaData(JAXWSClientMetaDataBuilder.java:85)
 [exec] at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.<init>(ServiceDelegateImpl.java:132)
 [exec] at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:63)
 [exec] at javax.xml.ws.Service.<init>(Service.java:82)
 [exec] at javax.xml.ws.Service.create(Service.java:334)
 [exec] at com.resonant.processlibrary.api.RemoteDocumentRepository.<init>(RemoteDocumentRepository.java:77)

When I try to access the wsdl in a browser using the wsdlURL I get the username/password challenge and after entering the correct credentials I get the WSDL so things seems to be working on the server end. Just cannot get the client to connect. It sort of seems like the username/password are needed to get the WSDL to seup the service but there is no way to provide the username/password until the service is setup. But that's what the example says to do and my code is following it exactly.
One other tidbit. When I use my .Net client to access the webservice I get a 401 (unauthorized) as expected, but when I modify the .NET client to add the credential I then get a 505 (HTTP protocal not supported).

1. Re: Cannot access web service with HTTP Basic Authentication

peterj Jan 11, 2008 6:24 PM (in response to jbn1v)

Web service calls are done using POST, while the wsdl is access using GET. Change your web.xml to secure only POST messages, then your wsdl will be accessible once more (of course, it will be accessible to anyone)
Actions
2. Re: Cannot access web service with HTTP Basic Authentication

asoldano Jan 11, 2008 6:42 PM (in response to jbn1v)

You should either protect the service only (allowing unauthenticated access to the wsdl contract, for example using secureWSDLAccess=false in your @WebContext annotation) or let your client consume a local copy of the wsdl you previously downloaded manually providing username & password. Please note that this also increase performance.
Actions
3. Re: Cannot access web service with HTTP Basic Authentication

jbn1v Jan 11, 2008 8:12 PM (in response to jbn1v)

Good news and bad news:

Good news: Securing only POST messages in web.xml got my Java client working (thank you very much PeterJ).

Bad news: My .NET client still fails with a 505

I also tried using @WebContext(secureWSDLAccess=false) but that didn't seem to have any effect. Is it because I already had a security-constraint in web.xml and that overrode the annotation? Os is the annotation only for EJBs? This is a POJO.

But I would like to try the other idea of using a pre-loaded WSDL. How would I go about creating the service object if I had the WSDL in hand? This is just a nice have of course, my real remaining problem is:

My .NET client still won't connect (gets an HTTP 505 error). Any ideas?
Actions
4. Re: Cannot access web service with HTTP Basic Authentication

asoldano Jan 12, 2008 5:08 AM (in response to jbn1v)

"jeff norton" wrote:
Os is the annotation only for EJBs? This is a POJO.

Yes, the annotation is for EJB endpoints only.

But I would like to try the other idea of using a pre-loaded WSDL. How would I go about creating the service object if I had the WSDL in hand?

You should either re-run wsconsume pointing the local wsdl or look at the client you have already generated and modify the references to the wsdl so that it uses the local one.

My .NET client still won't connect (gets an HTTP 505 error). Any ideas?

Is the last FAQ of this your case? http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossWSAndDotNet
Actions
5. Re: Cannot access web service with HTTP Basic Authentication

jbn1v Jan 13, 2008 2:21 PM (in response to jbn1v)
That FAQ does indeed cover my case and the solution works for me. I'm now a happy camper. Microsoft should feel intense embarrassment about the state of their HTTP implementation.

Might be good if someone updated http://jbws.dyndns.org/mediawiki/index.php?title=Authentication to point out the need to secure only POST and leave GET open to access the WSDL as well as put in a link to the problems with .NET clients. I tried to edit it but was not able.

As for wsconsume when I run it I do point it to a local wsdl file. I was always mystified as to why it needed the wsdl url at runtime since the client should have been generated with everything it needed (that's the way my .NET client works -- no WSDL needed at runtime). There seem to be two static methods (constructors) on Service. When I use the form that doesn't use the WSDL URL I get:
[exec] WARN - Cannot get port meta data for: {http://processlibrary.resonant.com/}RawDocumentRepositoryPort [exec] javax.xml.ws.WebServiceException: org.jboss.ws.WSException: Target endpoint address not set
How do you create an endpoint without the WSDL at runtime?

Anyway thanks for all the help. I'm now up and running!
Actions

Go to original post