2 Replies Latest reply on Jan 24, 2008 12:39 PM by Michael J. Hammel

    Question on Basic WS Authentication

    Suraphel Mendaye Newbie

      Hello All,

      I have implemented JAX_WS web services using JBoss Web Service stack bundled with JBoss 4.2.2_GA. I have used EJB3.0 as service end point. I would like to extend basic authentication for the consumers. The user, encrypted password and roles for the applications are stored in the database. Can someone answer my questions below?

      1. What do I need to do on the server side (EJB 3 service end point) in order to authenticate the consumer. In my case all the credential (user name, password, and roles) stored in DB. Point me document or example..

      2. What do I need to do on the consumer side? Pls give me example.

      3. The application uses different encryption to encrypt password. How can I enforce the client to use the same encryption? Based on my requirement consumer can not send plain text password over the wire to the Jboss server.

      Thanks in advance for helping this out..

      Surafel

        • 2. Re: Question on Basic WS Authentication
          Michael J. Hammel Newbie

          Alessio:

          In JBOSS 4.0.5GA I dropped crunch-login-config-service.xml and crunch-login-config.xml into server/default/conf in order to enable a DB based authentication. This worked fine. In 4.2.2GA it doesn't appear that crunch-login-config-service.xml is being seen. The only way to get crunch-login-config.xml to be read is to manually put it into login-config.xml. Am I missing something or is this a change to 4.2.2GA that I'll just have to live with?

          Here are the contents of the two files:

          crunch-login-config-service.xml

          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE server>
          
          <server>
          
           <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
           <attribute name="AuthConfig">crunch-login-config.xml</attribute>
           <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
           <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
           </mbean>
          
          </server>


          crunch-login-config.xml

          <?xml version='1.0'?>
          <!DOCTYPE policy PUBLIC
           "-//JBoss//DTD JBOSS Security Config 3.0//EN"
           "http://www.jboss.org/j2ee/dtd/security_config.dtd">
          
          <!--
           Crunch Security Realm Configuration.
           This file defines how authentication is determined for access to pages.
           This file gets copied to $JBOSS_HOME/server/default/conf by the Ant build.
          -->
          
          <policy>
          
          <application-policy name = "CrunchDBRealm">
           <authentication>
           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
           <module-option name = "unauthenticatedIdentity">guest</module-option>
           <module-option name = "dsJndiName">java:/CrunchDS</module-option>
           <module-option name = "principalsQuery">SELECT password FROM subscriber WHERE username=?</module-option>
           <module-option name = "rolesQuery">SELECT CRUNCHROLES.ROLENAME, 'Roles' FROM CRUNCHROLES, SUBSCRIBER WHERE SUBSCRIBER.USERNAME=? AND CRUNCHROLES.USERGUID=SUBSCRIBER.GUID</module-option>
           </login-module>
           </authentication>
          </application-policy>
          
          </policy>
          


          Again, in 4.2.2GA if I copy everything between and in the crunch-login-config.xml into login-config.xml then authentication works as it's supposed to. But I'd rather just drop in my own config without mucking with the JBOSS default config, if that's still possible.