-
1. Re: JAX-WS Basic authorization?
rukus Nov 14, 2007 8:35 AM (in response to rukus)oops read authentication instead authorization :)
-
2. Re: JAX-WS Basic authorization?
asoldano Nov 14, 2007 9:06 AM (in response to rukus)Take a look at the context sample (org.jboss.test.ws.jaxws.samples.context.EndpointJSE). You need to manually edit the web.xml and jboss-web.xml with JSE endpoints.
-
3. Re: JAX-WS Basic authorization?
rukus Nov 14, 2007 9:26 AM (in response to rukus)"alessio.soldano@jboss.com" wrote:
Take a look at the context sample (org.jboss.test.ws.jaxws.samples.context.EndpointJSE). You need to manually edit the web.xml and jboss-web.xml with JSE endpoints.
Thanks but i already solved problem
Maybe later i make some tutorial for this -
4. Re: JAX-WS Basic authorization?
rukus Nov 14, 2007 9:40 AM (in response to rukus)If you need authentication with JAX-WS:
1. Web-service@WebService(name="ServerService") @SOAPBinding(style = SOAPBinding.Style.RPC) public interface IServerService { @WebMethod String status(); }
@WebService(name = "ServerService", serviceName = "ServerService") @SOAPBinding(style = SOAPBinding.Style.RPC) public class ServerService implements IServerService { @WebMethod @RolesAllowed ("testuser") public String status() { return "It works"; } }
2. web.xml<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"> <security-constraint> <web-resource-collection> <web-resource-name>Server service</web-resource-name> <url-pattern>/*</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>testuser</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <description>Known users of the Server service</description> <role-name>testuser</role-name> </security-role> <!-- Web Services --> <servlet> <servlet-name>ServerService</servlet-name> <servlet-class>my.ServerService</servlet-class> </servlet> <!-- Web Services Mapping --> <servlet-mapping> <servlet-name>ServerService</servlet-name> <url-pattern>/ServerService</url-pattern> </servlet-mapping> </web-app>
3. jboss-web.xml<jboss-web> <security-domain>java:/jaas/test_project</security-domain> </jboss-web>
- I don't exactly understand what is it means - but i think it should be
4. add users.properties and role.properties to project:
users.propertiestest=test
roles.propertiestest=testuser
5. ClientURL wsdlLocation = new URL("http://127.0.0.1:8080/test_project/ServerService?wsdl"); QName serviceName = new QName("http://my/", "ServerService"); Service service = Service.create(wsdlLocation, serviceName); IServerService port = service.getPort(IServerService.class); BindingProvider bp = (BindingProvider) port; Map<String, Object> map = bp.getRequestContext(); map.put(BindingProvider.USERNAME_PROPERTY, "test"); map.put(BindingProvider.PASSWORD_PROPERTY, "test"); String status = port.status(); System.out.println(status);
I haven't test it but looks like i did't forget anything -
5. Re: JAX-WS Basic authorization?
rukus Nov 14, 2007 10:42 AM (in response to rukus)hmmm....
When i set in ServerService
@RolesAllowed ("ServerServiceStatus")
and then
start test - it works :(
Why? testuser role is not allowed now... -
6. Re: JAX-WS Basic authorization?
rukus Nov 15, 2007 9:29 AM (in response to rukus)Looks like only web.xml matters
security-constraint> <web-resource-collection> <web-resource-name>Server service</web-resource-name> <url-pattern>/*</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>testuser</role-name> </auth-constraint> </security-constraint>
and@RolesAllowed
annotation does no effect -
7. Re: JAX-WS Basic authorization?
asoldano Nov 19, 2007 7:09 AM (in response to rukus)"rukus" wrote:
Looks like only web.xml matterssecurity-constraint> <web-resource-collection> <web-resource-name>Server service</web-resource-name> <url-pattern>/*</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>testuser</role-name> </auth-constraint> </security-constraint>
and@RolesAllowed
annotation does no effect
This is because you're using a POJO endpoint. The annotation approach should work with an EJB3 endpoint. -
8. Re: JAX-WS Basic authorization?
pvenkatesh Dec 1, 2009 11:01 AM (in response to rukus)Hi alessio
I exactly have followed this topic (http://www.jboss.org/index.html?module=bb&op=viewtopic&t=123643) to implement BASIC (authentication) security for my web service, but I am getting the following exeception
Exception in thread "main" java.lang.NoSuchMethodError: org.jboss.wsf.common.DOMUtils.clearThreadLocals()V
at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:64)
at javax.xml.ws.Service.(Service.java:57)
at javax.xml.ws.Service.create(Service.java:302)
at org.jbia.ws.TestClient.main(TestClient.java:22)
Waiting for your response
Thanks
With regards
Venkat