4 Replies Latest reply on Nov 15, 2006 9:07 AM by webmarck

    EJB3.0 annotation security and webservices.

    webmarck
    webmarck Oct 28, 2006 11:51 AM

      I have a session bean where all methods look like this

      @RolesAllowed("customer")
public void setName(String name);


      Now I want to expose that method as a webservice but I have no idea on how to tell my client the username and password 

      URL url = new URL("http://localhost:8080/test/MyBean?wsdl");
QName qname = new QName("http://test.niro.dk/jaws",
 "MyService");
ServiceFactory factory = ServiceFactory.newInstance();
Service service = factory.createService(url, qname);
My myTest = (My)service.getPort(My.class);
myTest.setName("test");


      So I of course get this exception 

      Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
at $Proxy0.resetDatabase(Unknown Source)
at dk.test.MyClient.main(MyClient.java:21)
Caused by: java.rmi.RemoteException: Call invocation failed with code [Client] because of: Authentication failure; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Authentication failure
at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:715)
at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:398)
at org.jboss.ws.jaxrpc.CallProxy.invoke(CallProxy.java:164)
... 2 more
Caused by: javax.xml.rpc.soap.SOAPFaultException: Authentication failure
at org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:505)
at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:704)
... 4 more


      And the server throws a 

      17:39:26,140 ERROR [SOAPFaultExceptionHelper] SOAP request exception
javax.ejb.EJBAccessException: Authentication failure
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)


      Plzzzzz help!!

      • 4050 Views
      • Tags:
        • 1. Re: EJB3.0 annotation security and webservices.
          jgilbert
          jgilbert Oct 29, 2006 10:40 AM (in response to webmarck)

          Take a look at the JBossWS user guide chapter on securing endpoints:
          http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html

          You basically set properties on the Stub.

          I haven't tried it but I bet calling the the ClientSideLogingModule would to the trick also.

            • Actions
          • 2. Re: EJB3.0 annotation security and webservices.
            webmarck
            webmarck Oct 30, 2006 5:59 AM (in response to webmarck)

            Thanks for your reply,

            I followed the guide as much as possible, but unfortunately I haven?t been able to get it work yet.

            I have modified my server bean so it uses the same security domain as the webservice just to make things simple.

            @SecurityDomain("JBossWS")
?
@RolesAllowed("friend")
public void setName(String name);


            I have modified the client as the example says. 
            URL url = new URL("http://localhost:8080/test/MyBean?wsdl");
QName qname = new QName("http://test.niro.dk/jaws", "MyService");
ServiceFactory factory = ServiceFactory.newInstance();
Service service = factory.createService(url, qname);
My myTest = (My)service.getPort(My.class);
Stub stub = (Stub) myTest;
stub._setProperty(Stub.USERNAME_PROPERTY, "kermit");
stub._setProperty(Stub.PASSWORD_PROPERTY, "thefrog");
myTest.setName("test");


            Think I am getting close now because now I get a 

            10:42:38,125 ERROR [SOAPFaultExceptionHelper] SOAP request exception
javax.ejb.EJBAccessException: Authentication failure
 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:131)



            I can see the guide wants me to set a

            <auth-method>BASIC</auth-method>

            But the version of jboss.xml (http://www.jboss.org/j2ee/schema/jboss_5_0.xsd) doesn?t contain that tag.

            Anybody have a good idea on what to do now?


              • Actions
            • 3. Re: EJB3.0 annotation security and webservices.
              vans
              vans Nov 15, 2006 8:59 AM (in response to webmarck)

              Hello webmarck,

              I think, I've got a similar problem. Did you ever get it work?

              regards,
              Vans

                • Actions
              • 4. Re: EJB3.0 annotation security and webservices.
                webmarck
                webmarck Nov 15, 2006 9:07 AM (in response to webmarck)

                No - I was forced to disable @RolesAllowed("customer") security :-(
                Means alot of extra coding...

                  • Actions