6 Replies Latest reply on Aug 17, 2005 10:30 AM by shin tai

    Basic Auth not propogating Security

    shin tai Newbie

      Hi all,

      I'm porting an application to JBoss that uses basic authentication. I have classes that are exposed as webservices; they implement the Remote and the ServiceLifecycle interfaces. From here I need to pull the username and password from the Authorization header and do some 'manual' validation.

      I wrote a simple application to test and it works just fine. I generate a client from the wsdl, make the call with an Authorization header set and I get a response back.

      My jboss-web.xml


      My web.xml


      And my code in CheckMail.java

      Object a = SecurityAssociation.getCredential();
       Object b = SecurityAssociation.getPrincipal();
       System.err.println("credential " + a);
       System.err.println("principal " + b); //SimplePrinciple obj

      And that works just fine. But I when I apply the changes to my application the credential and principal objects are null. I attached a debugger to SecurityAssociation to see if they were being cleared but it looked like the set methods weren't being called at all. I realise it's difficult to say what's going on without showing the actual application being ported but any help about where I should start look would be appreciated.

      I wasn't involved in the installation of jboss so it's possible there's a constraint set somewhere on the application preventing it from propogating the details over but not for my test application which was deployed in the same server instance.

      Many Thanks