3 Replies Latest reply on Jan 20, 2004 2:57 AM by Frank Heldt

    First call with C# and getting security context

    Paul Casal Newbie


      "goldrimtang" wrote:
      "goldrimtang" wrote:
      "goldrimtang" wrote:

      I have set up one method of an stateless session bean as a web service. It all goes well when called from an axis client. The problem comes when calling it from a C# client. Yet, the errors are somewhat odd and I'm not sure that the client is the one to blame:

      1) The first issue is when calling the webservice for the first time. I can't do this with the C# client. If the very first call comes from it, I get:


      [exec] Unhandled Exception: System.Web.Services.Protocols.SoapException: Access denied.
      [exec] at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
      [exec] at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
      [exec] at UserSessionService.getUserWS(Int32 in0) in c:\bop\build\ws\cs\bettyWSTest.cs:line 38
      [exec] at DotNetWSTest.Main(String[] args) in c:\bop\build\ws\cs\DotNetWSTest.cs:line 13

      file:c:/bop/build.xml:622: exec returned: -532459699

      But as soon as I make a call from a Java/Axis client, subsequent calls from the C# client go well. This make me think that there's something wrong with the server. How can it accept calls from C# clients only after been called from an Axis client and never before?

      2) When calling the webservice from the C# client, I can't call context.getCallerPrincipal().getName(); without getting an exception:

      11:01:26,675 ERROR [LogInterceptor] RuntimeException:
      java.lang.SecurityException: No security context set
      at com.sapienter.betty.server.user.WSMethodSecurityProxy.invoke(WSMethodSecurityProxy.java:78)
      at org.jboss.ejb.plugins.SecurityProxyInterceptor.invoke(SecurityProxyInterceptor.java:165)
      at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)

      No problems when calling from the Axis client. The interesting thing is that the call is being authenticated by Jboss, meaning that if the username/password in the credentials of the C# code are invalid, I would get and 'Access denied' response from the server. In other words, if I don't have a call to context.getCallerPrincipal().getName() the authentication is performed properly and all goes well. So basically what I'm getting is that the Principal is not being set only when a call from C# comes.

      This is the C# code for the client:

      using System;
      using System.Net;

      public class DotNetWSTest {
      public static void Main(String[] args) {
      UserSessionService service = new UserSessionService();
      NetworkCredential cre = new NetworkCredential();
      cre.UserName = "root";
      cre.Password = "dddd";
      service.PreAuthenticate = true;
      service.Credentials = cre;

      UserWS result = service.getUserWS(9);
      Console.WriteLine("result = " + result.language);
      Console.WriteLine("result credit card name = " + result.creditCard.name);

      The method exposed as a web service:

      * @ejb.permission unchecked="true"
      * @jboss-net.web-service urn="billing"
      * @jboss-net.authentication domain="betty"
      * validate-unauthenticated-calls="true"
      * @jboss-net.authorization domain="betty"
      * roles-allowed="1,2"
      * roles-denied="3,4,5"
      * @jboss.security-proxy name="com.sapienter.betty.server.user.WSMethodSecurityProxy"

      .... class declaration ...

      * @ejb:interface-method view-type="remote"
      * @jboss-net.web-method
      * @jboss-net.wsdd-operation returnQName="UserInfo"
      public UserWS getUserWS(Integer userId)
      throws SessionInternalError{
      UserWS dto = null;
      // calling from dot.net seems to not have a context set. So then when calling
      // getCallerPrincipal the client gets a 'No security context set' exception
      // log.debug("principal = " + context.getCallerPrincipal().getName());
      try {
      UserBL bl = new UserBL(userId);
      dto = bl.getUserWS();
      } catch (Exception e) {
      throw new SessionInternalError(e);

      return dto;

      I am using Jboss 3.2.3 with tomcat, and the latest version of .NET SDK

      Thanks very much in advance! Any help is appreciated,