<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
EJB3 JBossWS Authentication in 5.1.0 GA not working
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/tumuhairwe">Judes Tumuhairwe</a> in <i>JBoss Web Services</i> - <a href="http://community.jboss.org/message/565984#565984">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Hi</p>
<p>I've read this [1] and [2] and [3] and a whole bunch of others (including the JBoss In Action book) and they all say the same thing:</p>
<p>1. Configure a data-source (*-ds.xml file)</p>
<p>2. Define a domain (conf/login-config.xml)</p>
<p>3. Tell the app about it:</p>
<p>    a. put the &lt;security-domain&gt; in jboss-web.xml and in the</p>
<p>    b. META-INF/jboss.xml</p>
<p>    c. add a security constraint in web.xml</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>4. Annotate the EJB/Web-service with the security annotations (@SecurityDomain, @WebContext and @RolesAllowed in addition to @Stateless and @WebService)</p>
<p>5. build, package &amp; deploy as an ear</p>
<p>6. Add the values to the request-context map of the BindingProvider when calling...and everything should work.</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>But nothing is working for me, i.e. I keep getting a 401 error (Unauthorized). (I've been struggling with this for days now.) Question is: can anyone see what I'm doing wrong?</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>Environment: Java version: 1.5.0_22, JBoss 5.1.0 GA, JBoss Web Services - Stack Native Core (3.1.2.GA)</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>conf/login-config.xml (fragment)</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>[still gives an HTTP 401 even if I use the default JBossWS]</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>The datasource (I've verified that this works)</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>jboss-web.xml (the article [1] says it's only for POJOs but it doesn't make a difference if I remove the &lt;security-domain&gt; tag)</p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><?xml version="1.0" encoding="UTF-8"?></span>
<span class="jive-xml-tag"><jboss-web></span>
    <span class="jive-xml-tag"><class-loading java2ClassLoadingCompliance="false"></span>
        <span class="jive-xml-tag"><loader-repository></span>
            <span class="jive-xml-tag"><loader-repository-config></span>
                java2ParentDelegation=false
            <span class="jive-xml-tag"></loader-repository-config></span>
        <span class="jive-xml-tag"></loader-repository></span>
    <span class="jive-xml-tag"></class-loading></span>
    <span class="jive-xml-tag"><context-root></span>/verifiq<span class="jive-xml-tag"></context-root></span>
   
    <span class="jive-xml-tag"><security-domain flushOnSessionInvalidation="false"></span>verifiq-domain<span class="jive-xml-tag"></security-domain></span>
<span class="jive-xml-tag"></jboss-web></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>jboss.xml (in the ejb jar's META-INF) Same as above i.e. doesn't make a difference if I uncomment.</p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><?xml version="1.0" encoding="UTF-8"?></span>
<span class="jive-xml-tag"><jboss></span>
    <span class="jive-xml-tag"><security-domain></span>verifiq-domain<span class="jive-xml-tag"></security-domain></span>
   
    <span class="jive-xml-comment"><!--
    <span class="jive-xml-tag"><webservices></span>
        <span class="jive-xml-tag"><context-root></span>/service<span class="jive-xml-tag"></context-root></span>
    <span class="jive-xml-tag"></webservices></span>
    <span class="jive-xml-tag"><enterprise-beans></span>
      <span class="jive-xml-tag"><session></span>
          <span class="jive-xml-tag"><ejb-name></span>ExpulsionStatusBean<span class="jive-xml-tag"></ejb-name></span>
          <span class="jive-xml-tag"><jndi-name></span>ExpulsionStatusBean<span class="jive-xml-tag"></jndi-name></span>
          <span class="jive-xml-tag"><security-domain></span>verifiq-domain<span class="jive-xml-tag"></security-domain></span>
          <span class="jive-xml-tag"><port-component></span>
              <span class="jive-xml-tag"><port-component-name></span>ExplusionStatusServicePort<span class="jive-xml-tag"></port-component-name></span>
              <span class="jive-xml-tag"><port-component-uri></span>/ExplusionStatusBeanPort<span class="jive-xml-tag"></port-component-uri></span>
              <span class="jive-xml-tag"><auth-method></span>BASIC<span class="jive-xml-tag"></auth-method></span>
              <span class="jive-xml-tag"><transport-guarantee></span>NONE<span class="jive-xml-tag"></transport-guarantee></span>
              <span class="jive-xml-tag"><secure-wsdl-access></span>false<span class="jive-xml-tag"></secure-wsdl-access></span>
          <span class="jive-xml-tag"></port-component></span>
          -->
          <!--
          <span class="jive-xml-tag"><resource-ref></span>
              <span class="jive-xml-tag"><res-ref-name></span>jdbc/postgresql<span class="jive-xml-tag"></res-ref-name></span>
              <span class="jive-xml-tag"><jndi-name></span>java:/VerifiqDS<span class="jive-xml-tag"></jndi-name></span>
          <span class="jive-xml-tag"></resource-ref></span>
          -->
          <!--
          <span class="jive-xml-tag"><clustered></span>true<span class="jive-xml-tag"></clustered></span>
          <span class="jive-xml-tag"><cluster-config></span>
              <span class="jive-xml-tag"><partition-name></span>DefaultPartition<span class="jive-xml-tag"></partition-name></span>
              <span class="jive-xml-tag"><load-balance-policy></span>org.jboss.ha.framework.interfaces.RandomRobin<span class="jive-xml-tag"></load-balance-policy></span>
           <span class="jive-xml-tag"></cluster-config></span>
           -->
           <!--
        <span class="jive-xml-tag"></session></span>
     <span class="jive-xml-tag"></enterprise-beans></span>
     --></span>
<span class="jive-xml-tag"></jboss></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>ExpulsionStatusBean.java [intentionally skipped the contextRoot in @WebContext because:</p><p>1. it puts the context (e.g. /service) outside the app's (/verifiq) i.e. security-constraint definitions in web.xml become useless since we now have <span style="font-family: courier new,courier;">localhost:8080/services</span> and <span style="font-family: courier new,courier;">localhost:8080/verifiq</span>.</p><p>2. It applies that service to all the web-services in that ejb jar (even though I've explicitly asked for a different contextRoot on another web-service)</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Either way, even when I access them at a different location /services/serviceName?wsdl the result is the same i.e. HTTP 401]</p><pre class="jive-pre"><code class="jive-code jive-java">@Stateless
@WebService
@Local(ExplusionStatusService.class)
@SecurityDomain(value=<font color="red">"JBossWS"</font>)
@RolesAllowed(<font color="red">"friend"</font>)
@WebContext(authMethod=<font color="red">"BASIC"</font>, transportGuarantee=<font color="red">"NONE"</font>, secureWSDLAccess=<font color="navy"><b>false</b></font>)
<font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> ExplusionStatusBean <font color="navy"><b>implements</b></font> ExplusionStatusService, Serializable <font color="navy">{</font>
 
    @Resource
    <font color="navy"><b>private</b></font> SessionContext context;
 
    @WebMethod
    <font color="navy"><b>public</b></font> String expell(@WebParam(name=<font color="red">"person"</font>) Person person) <font color="navy">{</font>
        String retVal = <font color="red">"Expelling "</font> + person.getSchoolAssignedID();
        System.out.println(<font color="red">"ExplusionStatusBean.expell(): invoked"</font>);
        System.out.println(<font color="red">"ExplusionStatusBean.expell(): Student: "</font> + person);
        System.out.println(<font color="red">"ExplusionStatusBean.expell(): caller: "</font> + context.getCallerPrincipal());
        System.out.println(<font color="red">"ExplusionStatusBean.expell(): returning "</font> + retVal);
        <font color="navy"><b>return</b></font> retVal;
    <font color="navy">}</font>
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Expeller.java (snipped just main() )</p><pre class="jive-pre"><code class="jive-code jive-java"><font color="navy"><b>public</b></font> <font color="navy"><b>static</b></font> <font color="navy"><b>void</b></font> main(String[] args) <font color="navy">{</font>
        <font color="navy"><b>try</b></font> <font color="navy">{</font>
            log.info(<font color="red">"Constructing..."</font>);
            ExplusionStatusBeanService esb = <font color="navy"><b>new</b></font> ExplusionStatusBeanService(<font color="navy"><b>new</b></font> URL(<font color="red">"http://127.0.0.1:8080/verifiq-verifiq-ejb/ExplusionStatusBean?wsdl"</font>));
            ExplusionStatusBean service = esb.getExplusionStatusBeanPort();
           
            log.info(<font color="red">"Computing password"</font>);
            String password = <font color="red">"thefrog"</font>;
            <font color="darkgreen">//password = DigestUtils.md5Hex(password);</font>
           
            <font color="darkgreen">//String pass =</font>
            log.info(<font color="red">"Setting authentication info"</font>);
            <font color="darkgreen">//BindingProvider bp = (BindingProvider)service;</font>
            <font color="darkgreen">//Map<String, Object> authentication = bp.getRequestContext();</font>
            ((BindingProvider)service).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, <font color="red">"kermit"</font>);
            ((BindingProvider)service).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
            System.out.println(<font color="red">"Using username kermit and password="</font> + password);
 
            log.info(<font color="red">"Invoking..."</font>);
            Person person = getJudes();     <font color="darkgreen">// Person is just a regular JPA pojo (mapped) (with name & schoolId)</font>
            String response = service.expell(person);
            log.info(<font color="red">"Response receieved successfully! "</font> + response);
 
        <font color="navy">}</font> <font color="navy"><b>catch</b></font> (Exception ex) <font color="navy">{</font>
            ex.printStackTrace();
            log.log(Level.SEVERE, null, ex);
        <font color="navy">}</font>
    <font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>server.log</p>
<p>(I'm 100% certain the user kermit-&gt;thefrog exists in both the props/jbossws-*.properties file (when I use the default JBossWS) and in the database.)</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>2010-10-12 01:09:07,797 DEBUG org.jboss.security.auth.spi.DatabaseServerLoginModule (http-127.0.0.1-8080-1) Bad password for username=kermit</p>
<p>2010-10-12 01:09:07,797 DEBUG org.jboss.security.auth.spi.DatabaseServerLoginModule (http-127.0.0.1-8080-1) Bad password for username=kermit</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>Like I said, I'm 100% certain the kermit exists &amp; has the role 'friend' (see attached screenshot)</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>Is there anything I'm missing?</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>web.xml (supposedly for POJOs only but I've included a snippet anyway. Doesn't matter if I comment or uncomment it out. Same result "Bad password" error)</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><security-constraint></span>
          <span class="jive-xml-tag"><web-resource-collection></span>
               <span class="jive-xml-tag"><web-resource-name></span>All webservices<span class="jive-xml-tag"></web-resource-name></span>
               <span class="jive-xml-tag"><description></span>Protects all webservices<span class="jive-xml-tag"></description></span>
               <span class="jive-xml-tag"><url-pattern></span>/service<span class="jive-xml-tag"></url-pattern></span>
          <span class="jive-xml-tag"></web-resource-collection></span>
          <span class="jive-xml-tag"><auth-constraint></span>
               <span class="jive-xml-tag"><role-name></span>admissions-viewer<span class="jive-xml-tag"></role-name></span>
               <span class="jive-xml-tag"><role-name></span>friend<span class="jive-xml-tag"></role-name></span>
          <span class="jive-xml-tag"></auth-constraint></span>
     <span class="jive-xml-tag"></security-constraint></span>
     <span class="jive-xml-tag"><security-role></span>
          <span class="jive-xml-tag"><role-name></span>admissions-viewer<span class="jive-xml-tag"></role-name></span>
     <span class="jive-xml-tag"></security-role></span>
     <span class="jive-xml-tag"><security-role></span>
          <span class="jive-xml-tag"><role-name></span>friend<span class="jive-xml-tag"></role-name></span>
     <span class="jive-xml-tag"></security-role></span>
     <span class="jive-xml-tag"><security-role></span>
         <span class="jive-xml-tag"><role-name></span>admissions-manager<span class="jive-xml-tag"></role-name></span>
     <span class="jive-xml-tag"></security-role></span>
     <span class="jive-xml-tag"><login-config></span>
          <span class="jive-xml-tag"><auth-method></span>BASIC<span class="jive-xml-tag"></auth-method></span>
          <span class="jive-xml-tag"><realm-name></span>Verifiq Webservices Realm<span class="jive-xml-tag"></realm-name></span>
     <span class="jive-xml-tag"></login-config></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>I've gone over it countless times & I'm just frustrated. It really shouldn't be that hard to get it to work...in theory :-)</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Is there anything I'm missing?</p><p>TIA,</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Judes Tumuhairwe</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>References:</p><p><span>[1] </span><a class="jive-link-external-small" href="http://community.jboss.org/docs/DOC-13533" target="_blank">http://community.jboss.org/wiki/JBossWS-Authentication</a></p><p><span>[2] </span><a class="jive-link-external-small" href="http://www.coderanch.com/t/477889/JBoss/Securing-Application-JBoss" target="_blank">http://www.coderanch.com/t/477889/JBoss/Securing-Application-JBoss</a></p><p><span>[3] </span><a class="jive-link-external-small" href="http://thatjavathing.blogspot.com/2009/05/authentication-and-authorization-with_30.html" target="_blank">http://thatjavathing.blogspot.com/2009/05/authentication-and-authorization-with_30.html</a></p></div>
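<p>The "Bad password" entries in the server log above are written when the value the login module derives from the submitted password differs from the value its principals query returns. The following diagnostic is an added example, not code from the original post or from JBoss: it assumes the <code>hashAlgorithm</code> and <code>hashEncoding</code> options of the login module are the settings in question, compares hex in lower case, and uses constructed sample column values.</p>

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

// Added diagnostic (not from the original post). Needs Java 8+ on a workstation.
public class StoredPasswordCheck {

    private static final String[] ALGORITHMS = {"MD5", "SHA-1", "SHA-256"};

    static byte[] digest(String algorithm, String text) throws Exception {
        // UTF-8 is an assumption; for an ASCII password every common charset agrees.
        return MessageDigest.getInstance(algorithm).digest(text.getBytes(StandardCharsets.UTF_8));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b)); // lower-case hex (assumed stored form)
        }
        return sb.toString();
    }

    // Lists every hashAlgorithm/hashEncoding combination under which hashing the
    // submitted password reproduces the stored column value exactly.
    static List<String> matchingSettings(String submitted, String stored) throws Exception {
        List<String> matches = new ArrayList<>();
        if (submitted.equals(stored)) {
            matches.add("no hashAlgorithm (plain-text comparison)");
        }
        for (String algorithm : ALGORITHMS) {
            byte[] d = digest(algorithm, submitted);
            if (hex(d).equals(stored)) {
                matches.add("hashAlgorithm=" + algorithm + " hashEncoding=hex");
            }
            if (Base64.getEncoder().encodeToString(d).equals(stored)) {
                matches.add("hashAlgorithm=" + algorithm + " hashEncoding=base64");
            }
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        String submitted = "thefrog"; // password the client in the post sends via BASIC auth
        // Constructed column values standing in for what the principals query might return.
        String[] storedSamples = {
            "thefrog",                       // stored in clear
            hex(digest("MD5", submitted)),   // stored as an MD5 hex digest
            "thefrog   ",                    // padded, as a fixed-width CHAR column can return
        };
        for (String stored : storedSamples) {
            List<String> matches = matchingSettings(submitted, stored);
            System.out.println("stored=[" + stored + "] -> " + matches);
            if (matches.isEmpty() && !stored.trim().equals(stored)) {
                System.out.println("  trimmed value matches: " + matchingSettings(submitted, stored.trim()));
            }
        }
    }
}
```

<p>Run it against the value the principals query actually returns for the account; a matching line names the <code>hashAlgorithm</code>/<code>hashEncoding</code> pair that is consistent with the stored value.</p>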
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>