10 Replies Latest reply on Jul 15, 2010 12:33 PM by eric_bustad

    Basic authentication for EBWS

    eric_bustad

      I have an EBWS set up using jbossesb-server-4.7.  I want to add http basic authentication to it.  My understanding is that this requires a web.xml file to be deployed with the web service.  I build a .esb with the web.xml file in the WEB-INF folder, but when the .esb is deployed that web.xml file is replaced by one that is created during the deployment process.  I see the following lines in my server.log file:

       

      2010-02-12 11:38:23,718 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] nested deployment: file:/C:/java/jbossesb-server-4.7/server/default/tmp/deploy/tmp1939921691740386303dms-master.esb-contents/validation-1.3.0.jar
      2010-02-12 11:38:23,765 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/response.xsd
      2010-02-12 11:38:23,765 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/fault.xsd
      2010-02-12 11:38:23,765 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/XmlLoaderData.xsd
      2010-02-12 11:38:23,765 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/Iresponse.xsd
      2010-02-12 11:38:23,765 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/request.xsd
      2010-02-12 11:38:24,468 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/response.xsd
      2010-02-12 11:38:24,468 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/fault.xsd
      2010-02-12 11:38:24,468 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/XmlLoaderData.xsd
      2010-02-12 11:38:24,468 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/Iresponse.xsd
      2010-02-12 11:38:24,468 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] Added schema WEB-INF/wsdl/DMSWebServices/request.xsd
      2010-02-12 11:38:24,828 DEBUG [freemarker.cache] Could not find template in cache, creating new one; id=[templates/web.xml.ftl[en_US,Cp1252,parsed] ]
      2010-02-12 11:38:24,828 DEBUG [freemarker.cache] Compiling FreeMarker template templates/web.xml.ftl[en_US,Cp1252,parsed]  from jar:file:/C:/java/jbossesb-server-4.7/server/default/tmp/deploy/tmp949801992259484641jbossesb-rosetta.jar!/org/jboss/internal/soa/esb/listeners/war/templates/web.xml.ftl
      2010-02-12 11:38:25,296 DEBUG [freemarker.cache] Could not find template in cache, creating new one; id=[templates/jboss-web.xml.ftl[en_US,Cp1252,parsed] ]
      2010-02-12 11:38:25,296 DEBUG [freemarker.cache] Compiling FreeMarker template templates/jboss-web.xml.ftl[en_US,Cp1252,parsed]  from jar:file:/C:/java/jbossesb-server-4.7/server/default/tmp/deploy/tmp949801992259484641jbossesb-rosetta.jar!/org/jboss/internal/soa/esb/listeners/war/templates/jboss-web.xml.ftl
      2010-02-12 11:38:25,375 DEBUG [org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer] nested deployment: file:/C:/java/jbossesb-server-4.7/server/default/tmp/esbwarfiles/dms-master.war

       

      The generated web.xml does not contain anything to control security or authentication.

       

      Can someone give me a clue as to how to do this?

       

      [BTW, I have downloaded the source for jbossesb 4.7.  Oddly, I can see where the "Added schema" messages are coming from org.jboss.soa.esb.listeners.config.JBoss4ESBDeployer, but not the "nested deployment" messages.  Makes me wonder if the source code download really goes with the binary download.  But that is a different question.]

        • 1. Re: Basic authentication for EBWS
          beve

          Hi,

           

          sorry but container level authentication using EBWS has not been implemented yet. Please refer to the this jira for details.

           

          Regards,

           

          /Daniel

          1 of 1 people found this helpful
          • 2. Re: Basic authentication for EBWS
            eric_bustad
            So my only choice is to set up basic authentication for all ESB web services?  I am having trouble figuring out how to do even that.
            • 3. Re: Basic authentication for EBWS
              beve
              So my only choice is to set up basic authentication for all ESB web services?

              At the moment it is not possible to set up basic authentication for EBWS services. But you can use a http gateway and this does support basic authentication. Take a look at the http_gateway quickstart for an example and see if this will suite your needs.

               

              Regards,

               

              /Daniel

              • 4. Re: Basic authentication for EBWS
                eric_bustad
                Yes, this is what I a doing.  I seem to lose the *?wsdl URL and the URL for the service does not show up on the http://host/contract page, but otherwise seems usable.  Also I need to parse the SOAP message myself,  But I would have thought that authentication would be one of the first things supported for any web service.
                • 5. Re: Basic authentication for EBWS
                  h.wolffenbuttel

                  Hi Eric,

                   

                  You can always make your own JBossWS service and use the ServiceInvoker or the SoapProcessor to put the message onto the bus. If you add an AuthenticationRequest to the message the security context will be propagated through the ESB. @Daniel: could you explain how to add this?

                  This way you can (i hope) still use EBWS and do not need to worry about handeling SOAP.

                   

                  Regards

                   

                  Hans

                  • 6. Re: Basic authentication for EBWS
                    eric_bustad

                    Thanks, Hans,

                     

                    I have been trying out the http gateway, but it is not giving me enough control in case of errors.  If an action throws an exception, the client is getting a HTML error page, which it is unable to deal with (no end table for HR element), rather than the SOAP fault message that it was getting before.  So I will look into creating my own JBossWS service.

                     

                    = Eric

                    • 7. Re: Basic authentication for EBWS
                      h.wolffenbuttel

                      Hi Eric,

                       

                      I would be very interested in your sollution. I do have a question about your remark:

                      I have been trying out the http gateway, but it is not giving me enough control in case of errors.  If an action throws an exception, the client is getting a HTML error page, which it is unable to deal with (no end table for HR element), rather than the SOAP fault message that it was getting before. 

                       

                      What do you mean by action? If it is an ESB-action then you can catch the exception thrown by the action and return a modified reply instead of a HTML error page.

                       

                      Regards,

                       

                      Hans

                      • 8. Re: Basic authentication for EBWS
                        eric_bustad
                        How does one do that?  Would I have an action throw an ActionProcessingFaultException with the proper SOAP Message, rather than the plain ActionProcessingException?
                        • 9. Re: Basic authentication for EBWS
                          h.wolffenbuttel

                          Hi Eric,

                           

                          Samples of how to handle exceptions can be found in the quickstart "exceptions_faults". What you do is mainly put an action at the begin of your pipeline which can catch any thown exception, because when an exception occurs it is thrown backwards on the pipline.

                           

                          Regards,

                           

                          Hans

                          • 10. Re: Basic authentication for EBWS
                            eric_bustad

                            I see that I haven't yet followed up.  Yes, the examples have shown me the way to trap exceptions.  Thanks!