6 Replies Latest reply on Aug 24, 2009 10:35 AM by Timmy Storms

    Basic HTTP authentication for WSDL (using JAAS LoginModule)

    Timmy Storms Newbie

      Hi,

      I'm trying to use basic HTTP authentication for my WSDL. The user credentials should be validated by a (JAAS) LoginModule for Atlassian Crowd. Somehow the deployment of my EAR file fails. The following stacktrace shows up in my logs:

      java.lang.NullPointerException
       at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorFactory.createPerClass(RoleBasedAuthorizationInterceptorFactory.java:49)
       at org.jboss.aop.advice.AspectFactoryDelegator.createPerClass(AspectFactoryDelegator.java:107)
       at org.jboss.aop.Advisor.addPerClassAspect(Advisor.java:569)
       at org.jboss.aop.advice.ScopedInterceptorFactory.create(ScopedInterceptorFactory.java:72)
       at org.jboss.aop.Advisor.createInterceptorChain(Advisor.java:618)
       at org.jboss.aop.Advisor.pointcutResolved(Advisor.java:888)
       at org.jboss.aop.Advisor.resolveMethodPointcut(Advisor.java:650)
       at org.jboss.aop.ClassContainer.createInterceptorChains(ClassContainer.java:248)
       at org.jboss.aop.ClassContainer.rebuildInterceptors(ClassContainer.java:115)
       at org.jboss.aop.ClassContainer.initializeClassContainer(ClassContainer.java:58)
       at org.jboss.ejb3.EJBContainer.processMetadata(EJBContainer.java:342)
       at org.jboss.ejb3.SessionContainer.processMetadata(SessionContainer.java:140)
       at org.jboss.ejb3.Ejb3Deployment.processEJBContainerMetadata(Ejb3Deployment.java:292)
       at org.jboss.ejb3.Ejb3Deployment.start(Ejb3Deployment.java:356)
       at org.jboss.ejb3.Ejb3Module.startService(Ejb3Module.java:91)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
       at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
       at $Proxy0.start(Unknown Source)
      


      Apparently the RoleBasedAuthorizationInterceptorFactory throws an exception on line 49. When I checked its source, I found the following code:

      ctx.lookup("java:/jaas/" + securityAnnotation.value());


      Probably, this means that the class doesn't find my SecurityDomain annotation, while it IS present. I've got the following annotations on my web service:

      @Stateless
      @SecurityDomain("mydomain")
      @SOAPBinding(style = SOAPBinding.Style.RPC, use = SOAPBinding.Use.LITERAL)
      @WebService(name = "ProjectWebService", targetNamespace = "url", serviceName = "service")
      @WebContext(urlPattern = "/url", authMethod = "BASIC", transportGuarantee = "NONE", secureWSDLAccess = false)
      @RolesAllowed("admin")
      @Remote(clazz.class)
      


      Other things I've done:
      web.xml:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>wsdl</web-resource-name>
          <url-pattern>/url</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>
      <security-role>
        <role-name>admin</role-name>
      </security-role>
      


      login-config.xml (in the conf folder):
      <application-policy name="mydomain">
        <authentication>
          <login-module code="com.atlassian.crowd.application.jaas.CrowdLoginModule" flag="required">
            <module-option name="application.name">admin</module-option>
            <module-option name="application.password">admin</module-option>
            <module-option name="crowd.server.url">server/</module-option>
          </login-module>
        </authentication>
      </application-policy>
      


      This is the code which should be responsible for authenticating the users. What am I doing wrong here? Thanks!