-
1. Re: ESB Web Service Authentication
noelo Nov 23, 2011 5:09 PM (in response to while_true)I think you're missing the props directory path from the filenames..change
<application-policy name="itstesb"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">esb-users.properties</module-option> <module-option name="rolesProperties">esb-roles.properties</module-option> </login-module> </authentication></application-policy>
to
<application-policy name="itstesb"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">props/esb-users.properties</module-option> <module-option name="rolesProperties">props/esb-roles.properties</module-option> </login-module> </authentication></application-policy>
António Ribeiro wrote:
Hello everyone,
I've created a JBoss ESB web service and I'm able to invoke it through SOAP UI without any trouble.
So I've advanced to the next step: adding authentication to the web service.
In the login-config.xml file I've added the following:
<application-policy name="itstesb"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">esb-users.properties</module-option> <module-option name="rolesProperties">esb-roles.properties</module-option> </login-module> </authentication></application-policy>
And in the jbossesb.xml file I've added the security component to the service in question:
<service category="DummyCategory" description="Dummy WS speaks natively to the ESB" name="DummyWs"> <security moduleName="itstesb" rolesAllowed="JBossAdmin" runAs="JBossAdmin"> <property name="org.jboss.soa.esb.services.security.contextTimeout" value="10000"/> </security> <listeners> ... </listeners> <actions> ... </actions> </service>
Into the <JBOSS_HOME>/server/default/conf/props I've created the two properties files: esb-users.properties and esb-roles.properties.
esb-users.properties
kermit=thefrog
esb-roles.properties
kermit=JBossAdmin
After I've built and deployed the application, I invoked the web service through SOAP UI without filling the authentication headers and, for my surprise, it went well...
Since I didn't fill the authentication headers wasn't suppose some kind of an error occur? What am I missing here?
Can you please enlighten me?
Grateful for your attention.
Best regards
-
2. Re: ESB Web Service Authentication
while_true Nov 24, 2011 5:17 AM (in response to noelo)Hey Noel,
First of all thanks for the reply!
I tried your suggestion and I keep being able to access the web service... It seems like JBoss ESB isn't taking into account the authentication configs!
-
3. Re: ESB Web Service Authentication
noelo Nov 24, 2011 6:14 PM (in response to while_true)Take a look at the security_basic quickstart and modify it to use your application policy.
This should indicate if the issue is with the app policy or the client code.
I just tried it here and it worked ok, throwning an exception if the auth headers were not present.
-
4. Re: ESB Web Service Authentication
while_true Dec 2, 2011 12:57 PM (in response to noelo)Noel,
I tried the security_basic quickstart example and, in fact, it does work!
The thing is that when I try to run the same example but if, instead of using the security_basic actions, I use a web service invoking it through SOAP UI it doesn't make any validations...
Do I need to put any annotations into my web service? I really don't know what is missing here... Can I get a little help?
Grateful for your attention.
Best regards.
-
5. Re: ESB Web Service Authentication
noelo Dec 2, 2011 6:15 PM (in response to while_true)Hi Antonio,
Can you attach your esb project and I'll try it here on my machine. Have you confirmed that soap-ui is no passing any credentials.
cheers
Noel
-
6. Re: ESB Web Service Authentication
while_true Dec 5, 2011 8:51 AM (in response to noelo)Hey Noel,
You can find the project in attachment. I've just modified the security_basic quickstart to receive my web service, therefore you just need to paste the folder into the ESB default security_basic and deploy it into the JBoss server.
Grateful for your help and attention.
Best regards.
-
security_basic.zip 36.5 KB
-
-
7. Re: ESB Web Service Authentication
noelo Dec 12, 2011 6:05 PM (in response to while_true)1 of 1 people found this helpfulHi Antonio,
I finally got around to looking into this and it seems that there is an issue here.
It seems to come down to how the WAR is deployed. If its in the ESB project then the request for credentials is ignored. however if the war is deployed separate from the ESB project then the security checked is performed and only when the credentials are presented does the request succeed.
Can you raise a jira on this so it can be looked into.
regards
Noel
-
8. Re: ESB Web Service Authentication
while_true Jan 4, 2012 7:03 AM (in response to noelo)Hey Noel,
Thank you so much for your feedback! I've raised the jira issue (JBESB-3718) as you suggested and now it's just wait until they (hopefully) fix it!
Best regards!
-
9. Re: ESB Web Service Authentication
while_true Jan 24, 2012 11:46 AM (in response to noelo)Hey Noel,
After lots of attempts, I finally got it!
In a certain way it had to deal with what you've said about the WAR, but not the way it is deployed. The thing is that if there's a war/resources/WEB-INF folder with both web.xml and jboss-web.xml, the ESB will not take into account any credentials! Why? I don't know!
So, instead of having with my web services a war/resources/WEB-INF folder with the respective xml endpoint configuration files, I've adopted the solution of treating all my web services as they were EJBs.
Thank you for all your time! I'm really appreciated!
Best regards,
António
-
10. Re: ESB Web Service Authentication
noelo Jan 24, 2012 7:43 PM (in response to while_true)Thats good news, could you add a comment to the JIRA explaining the work around or suggesting it be closed if its a non-issue now.
cheers
Noel