4 Replies Latest reply on Dec 27, 2004 6:35 AM by Gayathiri R

    Secure Web service Endpoint access

    Gayathiri R Newbie

      Hello,
      I want to secure my web service. I tried using JAX-RPC authentication.
      in the client side the code looks like this

       InventoryEndpoint endpoint = (InventoryEndpoint)new InventoryEndpointServiceLocator().getPort(InventoryEndpoint.class);
      
       Stub stub = (Stub)endpoint;
       stub._setProperty(Stub.USERNAME_PROPERTY, "kermit");
       stub._setProperty(Stub.PASSWORD_PROPERTY, "thefrog");
       String array=endpoint.getName();
      


      and in the we.xml i have tried with

      <login-config>
       <user-name>kermit</user-name>
       <password>thefrog</password>
       </login-config>


      i m not sure this code is right......i just tried with it and when i run the client i m getting the following error

      12:10:46,529 ERROR [ServerEngine] Server error: AxisFault
       faultCode: {http://xml.apache.org/axis/}Server.NoService
       faultSubcode:
       faultString: The AXIS engine could not find a target service to invoke! targetService is Inventory
       faultActor:
       faultNode:
       faultDetail:
       {http://xml.apache.org/axis/}stackTrace: AxisFault
       faultCode: {http://xml.apache.org/axis/}Server.NoService
       faultSubcode:
       faultString: The AXIS engine could not find a target service to invoke! targetService is Inventory
       faultActor:
       faultNode:
       faultDetail:
      
      The AXIS engine could not find a target service to invoke! targetService is Inventory


      i think the error is becoz it is not returning the Endpoint....

      can u pls tell me how to give the authentication details in web.xml for JAX-RPC

      Regards
      GAYATHIRI

        • 1. Re: Secure Web service Endpoint access
          Thomas Diesler Master

          Valid principal/credential combinations are configured with the jboss security domain your WS is using.

          Have a look at the samples that are shiped with jboss-4.0.1

          cvs co -r JBoss_4_0_1 jboss-4.0

          • 2. Re: Secure Web service Endpoint access
            Gayathiri R Newbie

            Hello,
            Thanks for ur reply. The problem is that i didnt give the statement in the client code

            InventoryEndpoint hello = (InventoryEndpoint)stub;


            and in web.xml i have to give security-constraint and username and roles in properties file

            <login-config>
             <auth-method>BASIC</auth-method>
            
             </login-config>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>SecureHello</web-resource-name>
             <url-pattern>/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>The Duke</role-name>
             </auth-constraint>
             <user-data-constraint>
             <transport-guarantee>NONE</transport-guarantee>
             </user-data-constraint>
             </security-constraint>
            
             <security-role>
             <role-name>admin</role-name>
             </security-role>


            this is basic authentication for jax-rpc .
            .is this Basic authentication is secure ? is there any other way ?

            rgds
            gayathiri

            • 3. Re: Secure Web service Endpoint access
              Thomas Diesler Master

              Basic authentication is secure enough if you use HTTPS. With plain HTPP the password is encoded with base64 which only slightly better than plain text (security by obfuscation).

              A stronger algorithm is client certificates.

              • 4. Re: Secure Web service Endpoint access
                Gayathiri R Newbie

                Hi,
                I m using jboss-4.0.0 and as i told i using Basic authentication for my web service.
                I have deployed my web service in jboss-4.0.0 . when i access from perl client it works fine. but when i access from .NET client with the credential details i m getting the following error

                The request failed with HTTP status 505: HTTP Version Not Supported


                pls tell me y is this error?

                Rgds
                Gayathiri