4 Replies Latest reply on Nov 15, 2006 9:07 AM by Nicolai Ødum

    EJB3.0 annotation security and webservices.

    Nicolai Ødum Newbie

      I have a session bean where all methods look like this

      @RolesAllowed("customer")
      public void setName(String name);
      


      Now I want to expose that method as a webservice but I have no idea on how to tell my client the username and password

      URL url = new URL("http://localhost:8080/test/MyBean?wsdl");
      QName qname = new QName("http://test.niro.dk/jaws",
       "MyService");
      ServiceFactory factory = ServiceFactory.newInstance();
      Service service = factory.createService(url, qname);
      My myTest = (My)service.getPort(My.class);
      myTest.setName("test");
      


      So I of course get this exception

      Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
      at $Proxy0.resetDatabase(Unknown Source)
      at dk.test.MyClient.main(MyClient.java:21)
      Caused by: java.rmi.RemoteException: Call invocation failed with code [Client] because of: Authentication failure; nested exception is:
      javax.xml.rpc.soap.SOAPFaultException: Authentication failure
      at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:715)
      at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:398)
      at org.jboss.ws.jaxrpc.CallProxy.invoke(CallProxy.java:164)
      ... 2 more
      Caused by: javax.xml.rpc.soap.SOAPFaultException: Authentication failure
      at org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
      at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:505)
      at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:704)
      ... 4 more
      


      And the server throws a

      17:39:26,140 ERROR [SOAPFaultExceptionHelper] SOAP request exception
      javax.ejb.EJBAccessException: Authentication failure
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)


      Plzzzzz help!!

        • 1. Re: EJB3.0 annotation security and webservices.
          John Gilbert Apprentice

          Take a look at the JBossWS user guide chapter on securing endpoints:
          http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html

          You basically set properties on the Stub.

          I haven't tried it but I bet calling the the ClientSideLogingModule would to the trick also.

          • 2. Re: EJB3.0 annotation security and webservices.
            Nicolai Ødum Newbie

            Thanks for your reply,

            I followed the guide as much as possible, but unfortunately I haven?t been able to get it work yet.

            I have modified my server bean so it uses the same security domain as the webservice just to make things simple.

            @SecurityDomain("JBossWS")
            ?
            @RolesAllowed("friend")
            public void setName(String name);
            


            I have modified the client as the example says.
            URL url = new URL("http://localhost:8080/test/MyBean?wsdl");
            QName qname = new QName("http://test.niro.dk/jaws", "MyService");
            ServiceFactory factory = ServiceFactory.newInstance();
            Service service = factory.createService(url, qname);
            My myTest = (My)service.getPort(My.class);
            Stub stub = (Stub) myTest;
            stub._setProperty(Stub.USERNAME_PROPERTY, "kermit");
            stub._setProperty(Stub.PASSWORD_PROPERTY, "thefrog");
            myTest.setName("test");
            


            Think I am getting close now because now I get a

            10:42:38,125 ERROR [SOAPFaultExceptionHelper] SOAP request exception
            javax.ejb.EJBAccessException: Authentication failure
             at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
             at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
             at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:131)
            
            



            I can see the guide wants me to set a

            <auth-method>BASIC</auth-method>

            But the version of jboss.xml (http://www.jboss.org/j2ee/schema/jboss_5_0.xsd) doesn?t contain that tag.

            Anybody have a good idea on what to do now?


            • 3. Re: EJB3.0 annotation security and webservices.
              Denis Dittmar Newbie

              Hello webmarck,

              I think, I've got a similar problem. Did you ever get it work?

              regards,
              Vans

              • 4. Re: EJB3.0 annotation security and webservices.
                Nicolai Ødum Newbie

                No - I was forced to disable @RolesAllowed("customer") security :-(
                Means alot of extra coding...