8 Replies Latest reply on Dec 1, 2009 11:01 AM by Venkatesh Venkatesh

    JAX-WS Basic authorization?

    Ilya Romanenko Newbie

      I need to implement basic authorization (username and password check) to jax-ws for this service:

      @WebService(name="ServerService", serviceName="ServerService")
      @SOAPBinding(style = SOAPBinding.Style.RPC)
      public class ServerService implements IServerService{
       @WebMethod
       public ServerStatus status() {
       ServerStatus status=ServerStatus.getInstance();
       return status;
       }
      }

      but i saw only EJB examples...
      Where i can find how to do it?

        • 1. Re: JAX-WS Basic authorization?
          Ilya Romanenko Newbie

          oops read authentication instead authorization :)

          • 2. Re: JAX-WS Basic authorization?
            Alessio Soldano Master

            Take a look at the context sample (org.jboss.test.ws.jaxws.samples.context.EndpointJSE). You need to manually edit the web.xml and jboss-web.xml with JSE endpoints.

            • 3. Re: JAX-WS Basic authorization?
              Ilya Romanenko Newbie

               

              "alessio.soldano@jboss.com" wrote:
              Take a look at the context sample (org.jboss.test.ws.jaxws.samples.context.EndpointJSE). You need to manually edit the web.xml and jboss-web.xml with JSE endpoints.

              Thanks but i already solved problem
              Maybe later i make some tutorial for this

              • 4. Re: JAX-WS Basic authorization?
                Ilya Romanenko Newbie

                If you need authentication with JAX-WS:
                1. Web-service

                @WebService(name="ServerService")
                @SOAPBinding(style = SOAPBinding.Style.RPC)
                public interface IServerService {
                 @WebMethod
                 String status();
                }

                @WebService(name = "ServerService", serviceName = "ServerService")
                @SOAPBinding(style = SOAPBinding.Style.RPC)
                public class ServerService implements IServerService {
                 @WebMethod
                 @RolesAllowed ("testuser")
                 public String status() {
                 return "It works";
                 }
                }

                2. web.xml
                <?xml version="1.0" encoding="UTF-8"?>
                <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
                 version="2.4">
                 <security-constraint>
                 <web-resource-collection>
                 <web-resource-name>Server service</web-resource-name>
                 <url-pattern>/*</url-pattern>
                 <http-method>POST</http-method>
                 </web-resource-collection>
                 <auth-constraint>
                 <role-name>testuser</role-name>
                 </auth-constraint>
                 </security-constraint>
                 <login-config>
                 <auth-method>BASIC</auth-method>
                 </login-config>
                 <security-role>
                 <description>Known users of the Server service</description>
                 <role-name>testuser</role-name>
                 </security-role>
                 <!-- Web Services -->
                <servlet>
                 <servlet-name>ServerService</servlet-name>
                 <servlet-class>my.ServerService</servlet-class>
                 </servlet>
                
                 <!-- Web Services Mapping -->
                
                 <servlet-mapping>
                 <servlet-name>ServerService</servlet-name>
                 <url-pattern>/ServerService</url-pattern>
                 </servlet-mapping>
                </web-app>
                

                3. jboss-web.xml
                <jboss-web>
                 <security-domain>java:/jaas/test_project</security-domain>
                </jboss-web>

                - I don't exactly understand what is it means - but i think it should be
                4. add users.properties and role.properties to project:
                users.properties
                test=test

                roles.properties
                test=testuser

                5. Client
                URL wsdlLocation = new URL("http://127.0.0.1:8080/test_project/ServerService?wsdl");
                 QName serviceName = new QName("http://my/", "ServerService");
                 Service service = Service.create(wsdlLocation, serviceName);
                 IServerService port = service.getPort(IServerService.class);
                 BindingProvider bp = (BindingProvider) port;
                 Map<String, Object> map = bp.getRequestContext();
                 map.put(BindingProvider.USERNAME_PROPERTY, "test");
                 map.put(BindingProvider.PASSWORD_PROPERTY, "test");
                 String status = port.status();
                 System.out.println(status);

                I haven't test it but looks like i did't forget anything

                • 5. Re: JAX-WS Basic authorization?
                  Ilya Romanenko Newbie

                  hmmm....
                  When i set in ServerService
                  @RolesAllowed ("ServerServiceStatus")
                  and then
                  start test - it works :(

                  Why? testuser role is not allowed now...

                  • 6. Re: JAX-WS Basic authorization?
                    Ilya Romanenko Newbie

                    Looks like only web.xml matters

                    security-constraint>
                     <web-resource-collection>
                     <web-resource-name>Server service</web-resource-name>
                     <url-pattern>/*</url-pattern>
                     <http-method>POST</http-method>
                     </web-resource-collection>
                     <auth-constraint>
                     <role-name>testuser</role-name>
                     </auth-constraint>
                     </security-constraint>

                    and
                    @RolesAllowed

                    annotation does no effect

                    • 7. Re: JAX-WS Basic authorization?
                      Alessio Soldano Master

                       

                      "rukus" wrote:
                      Looks like only web.xml matters
                      security-constraint>
                       <web-resource-collection>
                       <web-resource-name>Server service</web-resource-name>
                       <url-pattern>/*</url-pattern>
                       <http-method>POST</http-method>
                       </web-resource-collection>
                       <auth-constraint>
                       <role-name>testuser</role-name>
                       </auth-constraint>
                       </security-constraint>

                      and
                      @RolesAllowed

                      annotation does no effect


                      This is because you're using a POJO endpoint. The annotation approach should work with an EJB3 endpoint.

                      • 8. Re: JAX-WS Basic authorization?
                        Venkatesh Venkatesh Newbie

                        Hi alessio

                        I exactly have followed this topic (http://www.jboss.org/index.html?module=bb&op=viewtopic&t=123643) to implement BASIC (authentication) security for my web service, but I am getting the following exeception

                        Exception in thread "main" java.lang.NoSuchMethodError: org.jboss.wsf.common.DOMUtils.clearThreadLocals()V
                        at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:64)
                        at javax.xml.ws.Service.(Service.java:57)
                        at javax.xml.ws.Service.create(Service.java:302)
                        at org.jbia.ws.TestClient.main(TestClient.java:22)
                        Waiting for your response

                        Thanks

                        With regards
                        Venkat