2 Replies Latest reply on Jun 7, 2005 9:28 AM by Alexey Titorenko

    Specifying security credentials for and Axis - EJB call

    Jason Greene Master

      This forum is for J2EE Web Serivces not JBoss.NET (the 3.x versions of web services), and not axis.

      -Jason

        • 1. Re: Specifying security credentials for and Axis - EJB call
          Alexey Titorenko Newbie

          I have similar problem.

          I created session EJB's endpoint and exposed it. EJB was successfully deployed and corresponding web service was accessible to clients.

          Then I created simple jax-rpc client using dynamic proxies and tried to access that WS. I specified username and password as it is said in the "Java? API for XML-based RPC 1.1" specification. Following is a code snippet from the client:

          final QName qname = new QName("http://kit.test/ws4j2ee/ejb/test", "MyTestService");
          final ServiceFactory factory = ServiceFactory.newInstance();
          final Service service = factory.createService(mwe URL("http://localhost:8080/test-ejb/TestService?wsdl"), qname);
          final TestService ts = (TestService) service.getPort(TestService.class);
          
          final javax.xml.rpc.Stub stub = (javax.xml.rpc.Stub) ts;
          stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "guest");
          stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "pwd");
          
          System.out.println("calling method 'testMethod' with value " + argument);
          System.out.println("web service response: " + ts.testMethod(Integer.parseInt(argument)));


          I also configured security domain in the login-config.xml and tried to invoke the client. And I got the following in the server log:

          2005-06-07 12:24:22,404 DEBUG [org.jboss.webservice.server.ServiceEndpointServletEJB] doGet: http://localhost:8080/test-ejb/TestService?wsdl
          2005-06-07 12:24:22,404 DEBUG [org.jboss.webservice.server.ServiceEndpointServletEJB] Set transport.url=/test-ejb/TestService
          2005-06-07 12:24:22,404 DEBUG [org.jboss.webservice.server.ServiceEndpointServletEJB] Process wsdl request
          2005-06-07 12:24:23,816 DEBUG [org.jboss.webservice.server.ServerEngine] invoke: org.apache.axis.MessageContext@908faf
          2005-06-07 12:24:23,816 DEBUG [org.jboss.webservice.server.ServerEngine] TransportHandler: http
          2005-06-07 12:24:23,816 DEBUG [org.jboss.webservice.server.InvokerProviderEJB] makeNewServiceObject: class=kit.test.ws4j2ee.TestService
          2005-06-07 12:24:23,816 DEBUG [org.jboss.webservice.server.InvokerProviderEJB] Invoke EJB: public abstract int kit.test.ws4j2ee.TestService.testMethod(int) throws java.rmi.RemoteException
          2005-06-07 12:24:23,826 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=null
          2005-06-07 12:24:23,826 DEBUG [org.jboss.ejb.plugins.LogInterceptor] SecurityException in method: public abstract int kit.test.ws4j2ee.TestService.testMethod(int) throws java.rmi.RemoteException:
          javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
           at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
           at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:124)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke

          .....

          As it follows from the log, the login module was invoked but it was provided with 'null' username and password.

          Can anybody tell me how I can make it work? I'm using JBoss 4.0.1 sp1.

          Thanks,
          Alexey.

          • 2. Re: Specifying security credentials for and Axis - EJB call
            Alexey Titorenko Newbie

            Now I set up HTTP basic authentication for the endpoint (in jboss.xml) and tried again. And I got 401 HTTP error code (unauthorized).