1 Reply Latest reply on Apr 14, 2009 8:15 AM by Jonathan Muniz

    WS Security - Identity propagation between web services.

    ravi kumar brahmajee k Newbie

      Hi,

      I have two web services with EJB endpoints (EJBWS1 and EJBWS2). Both are secure web services, and the methods in those web services have restricted access by specifying the roles using the @RolesAllowed annotation.

      For example:

      @RolesAllowed("Role1")
      public String method1(){}

      EJBWS1 is configured to receive the user credentials using WS-Security - User name token (using @EndpointConfig) and EJBWS2 is configured to receive credentials using Basic authentication.

      Both EJBs are in the same security domain and also in the same JAR file.

      I wrote a client to pass WS-Security credentials to EJBWS1 and it works. In EJBWS1, I called a method in EJBWS2 the EJB way (got an EJB object reference and invoked the operation). Identity gets propagated and the method call in EJBWS2 gets invoked.

      But when I invoke the same the web service way, i.e. in the EJBWS1 method I get a WebServiceRef (static proxy) for EJBWS2, get the port and invoke the operation, I am getting an unauthorized error. Identity is not getting propagated from web service 1 to web service 2.

      Does the identity propagation concept not exist in web service invocations? Or am I making a mistake here?

      Appreciate your help.

      I have included the code in the note:
      Thanks in advance
      Ravi.


      NOTE:
      My code for invoking webservice is as follows:
      1) Invoking EJBWS2:

          @WebServiceRef
          static TestBean1WSClient service3;

          public void insert(Agent object) {
              ....

              TestBean1Local tblocal = service3.getEndpointPort();
              tblocal.insert(object);
          }
      2) Created a web service client using the @WebServiceClient annotation:

          import java.net.MalformedURLException;
          import java.net.URL;
          import javax.xml.namespace.QName;
          import javax.xml.ws.Service;
          import javax.xml.ws.WebEndpoint;
          import javax.xml.ws.WebServiceClient;

          @WebServiceClient(name = "TestBean1Service", targetNamespace = "http://service.ri.com/", wsdlLocation = "META-INF/wsdl/TestBean1Bean.wsdl")
          public class TestBean1WSClient extends Service
          {

              private final static URL WSDL_LOCATION;
              private final static QName TESTENDPOINTSERVICE = new QName("http://service.ri.com/", "TestBean1Service");
              private final static QName TESTENDPOINTPORT = new QName("http://service.ri.com/", "TestBean1BeanPort");

              // Resolve the WSDL location once, when the class is loaded.
              static {
                  System.out.println("TestBean1WSClient static block");
                  URL url = null;
                  try {
                      URL baseUrl = com.hex.ffm.ri.service.TestBean1Local.class.getResource(".");
                      System.out.println(" baseURL " + baseUrl);
                      url = new URL("http://127.0.0.1:7000/Practice/TestBean1Bean?wsdl");
                  } catch (MalformedURLException e) {
                      e.printStackTrace();
                  }
                  WSDL_LOCATION = url;
              }

              public TestBean1WSClient(URL wsdlLocation, QName serviceName) {
                  super(wsdlLocation, serviceName);
              }

              public TestBean1WSClient() {
                  super(WSDL_LOCATION, TESTENDPOINTSERVICE);
              }

              // Returns the static proxy (port) used to call EJBWS2.
              @WebEndpoint(name = "TestBean1BeanPort")
              public TestBean1Local getEndpointPort() {
                  return (TestBean1Local) super.getPort(TESTENDPOINTPORT, TestBean1Local.class);
              }

          }
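
Added example, not part of the original post: in standard JAX-WS, HTTP Basic credentials for an outbound call are read from the port proxy's request context, so a call to a Basic-auth endpoint such as EJBWS2 carries credentials only if they are set there. The helper class `OutboundBasicAuth`, the source of the user name and password, and the cleartext-transport check are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Map;
import javax.xml.ws.BindingProvider;

/** Hypothetical helper (added example, not from the original post). */
public final class OutboundBasicAuth {

    private OutboundBasicAuth() {}

    /**
     * Sets HTTP Basic credentials on a JAX-WS port proxy, for example the
     * TestBean1Local port returned by service3.getEndpointPort():
     *
     *   TestBean1Local tblocal =
     *       OutboundBasicAuth.attach(service3.getEndpointPort(), user, password);
     *
     * Where user and password come from is left to the caller (assumption).
     */
    public static <T> T attach(T port, String user, String password) {
        if (!(port instanceof BindingProvider)) {
            throw new IllegalArgumentException("not a JAX-WS proxy: " + port);
        }
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();

        // Basic auth is only base64-encoded on the wire, so refuse cleartext
        // HTTP to anything other than the local loopback interface.
        Object address = ctx.get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY);
        if (address != null && !isProtected(URI.create(address.toString()))) {
            throw new IllegalStateException(
                "refusing Basic auth over cleartext HTTP to " + address);
        }

        ctx.put(BindingProvider.USERNAME_PROPERTY, user);
        ctx.put(BindingProvider.PASSWORD_PROPERTY, password);
        return port;
    }

    /** True for https endpoints and for plain HTTP to loopback only. */
    static boolean isProtected(URI endpoint) {
        if ("https".equalsIgnoreCase(endpoint.getScheme())) {
            return true;
        }
        String host = endpoint.getHost(); // IPv6 literals keep their brackets
        return "127.0.0.1".equals(host) || "localhost".equalsIgnoreCase(host)
            || "[::1]".equals(host);
    }
}
```

The request context belongs to the individual port instance, so obtain a port per call rather than sharing one configured proxy between different callers.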