2 Replies Latest reply on May 3, 2012 1:46 PM by _marquez2012_

Custom 401 Error on Webservices (JBoss)

_marquez2012_ Apr 27, 2012 1:28 PM

Hi,

I have a jboss webservice like this:

@Stateless @SecurityDomain("SecurityDomain") @RolesAllowed("RolesAllowed") @WebContext(urlPattern = "/*", authMethod = "BASIC", secureWSDLAccess = true) @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name = "WebServiceName", targetNamespace = "http://webserviceName")

public class WebserviceName (...)

When i invoke this webservice with wrong credentials i´m getting the following error:

<html> <head> <title>JBoss Web/2.1.3.GA - Error report</title> <style> </style> </head> <body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"> <p><b>type</b> Status report</p> <p><b>message</b> <u></u></p> <p><b>description</b> <u>This request requires HTTP authentication ().</u></p> <HR size="1" noshade="noshade"><h3>JBoss Web/2.1.3.GA</h3> </body> </html>

I would like to know if there is way to custom this 401 response?

Notice that my webservice works fine (my problem is only in this customization).

I already try, unsucessefully, to put the following code on web.xml (in several modules like jbossws.sar) (and login-config.xml)

	<error-page>
	<error-code>401</error-code>
	<location>/test.html</location>
	</error-page>

Also, i´ve try the following:

<error-page>

<exception-type>com.xpto.MyException</exception-type>

</error-page>

Thanks a lot.

1. Re: Custom 401 Error on Webservices (JBoss)

_marquez2012_ May 3, 2012 6:49 AM (in response to _marquez2012_)

I found something very similar of what i pretend in this link : https://community.jboss.org/thread/80628?tstart=0 ... but this doesn't work on JBoss (Native) webservices.. I just want remove the version (JBoss Web/2.1.3.GA)
Actions
2. Re: Custom 401 Error on Webservices (JBoss)

_marquez2012_ May 3, 2012 1:46 PM (in response to _marquez2012_)

The Webservice use the JBoss Web component to authenticate the username and password (with Basic Authentication). (Note that i'm using JBoss-ESB)

For this motive, we need to change this jar (jbossweb.jar) in \jboss-esb\server\<server-name>\deploy\jbossweb.sar.

We must edit the file "ServerInfo.properties" (in org\apache\catalina\util\) and change the property "server.info=2.1.3.GA" to "server.info=XPTO".

Alternatively, it´s also possible to re-build this jar and replace the tag @VERSION@ to XPTO (in the task Ant, i believe).

During this analysis, was also identified the possible implementation of our BasicAuthenticator. Thus it is possible to configure the error message (401) so as to make it more configurable (ultimately we can return other error).

To do this, you must change the configuration

    <property name="authenticators">
    <..>
    <key>BASIC</key>
    <value> MyClass </value>

in file war-deployers-jboss-beans.xml (in \jboss-esb\server\<server-name>\deployers\jbossweb.deployer\META-INF).
Actions

Go to original post