[JBossWS] - Secure Webservice
by iorlas
Hi!
I am using JBoss-4.0.5.GA and have implemented a Webservice using
annotations. The Webservice is protected by a SecurityDomain.
To access the webservice I have looked at the examples from the jbossws samples for jbossws-1.2.1.GA and tried to followed it as much as possible. Obvioulsy something isn't correct since I get a Authentication Failure even though I passes the correct username and password. The client code:
System.setProperty(Provider.JAXWSPROVIDER_PROPERTY, "org.jboss.ws.core.jaxws.spi.ProviderImpl");
|
|
| URL wsdlURL = new URL(WSDL_LOCATION);
| Service service = Service.create(wsdlURL, SERVICE_NAME);
| WebServiceEndPoint endPoint = null;
|
| endPoint = (WebServiceEndPoint) service.getPort(WebServiceEndPoint.class);
|
| BindingProvider bp = (BindingProvider) endPoint;
| bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "test");
| bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "test");
|
| String result = (String) endPoint.test("Gurka");
| System.out.println("The Server response is: " + result);
|
I am stomped what I am doing wrong? I have pointed the JBossWS security domain to the correct database with a configuration that I know works for my EJBs.
Is the error on the client or the server side?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046081#4046081
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046081
19 years
[Security & JAAS/JBoss] - JBOSS JSSE configuration issue
by as1816
We have a problem in using JAAS during migration from Jboss-3.2.3 to JBoss-4.0.5.GA. The same approach is working in JBoss-3.2.3 version.
The reason for above I found is SecurityAssociation is not populated for JBoss-4.0.5.GA.
Ear Deployment/JAAS Configurations details:
We have two .ear deployed in the same server. First ear contains all EJBs. Second ear contains one war file through which we monitor the system. We are using customized login module and this login module is invoked properly and subject is populated.
subject.getPrivateCredentials().add(userBean);
logger.info("Adding role '" + userBean.getRole() + "'to context");
userRoles.addMember(new SimplePrincipal(userBean.getRole()));
Login module returns true. But from action class, when we call below code subject is null.
--------------------------------------------------------------------------------------
EntryUser user = EISDataHelper().getUser();
signature of getUser is as below:
public EntryUserBean getUser() throws CustodyException,
RemoteException
{
Subject subj = SecurityAssociation.getSubject();
//Here subject is null(in JBoss-4.0.5.GA), while same code is running in JBoss-3.2.3
if (subj == null)
{
logger.debug("subject is null");
return null;
}
}
--------------------------------------------------------------------------------------
Configuration for login module in login-config.xml is as below :
--------------------------------------------------------------------------------------
<application-policy name="settlement">
<login-module code="com.db.dcs.model.settlements.jboss.security.LdapDBLoginModule" flag="required">
<module-option name="validatePWD">true</module-option>
</login-module>
</application-policy>
--------------------------------------------------------------------------------------
Configuration for JAAS in conf/jboss-service.xml is as below :
--------------------------------------------------------------------------------------
<!--
====================================================================
-->
<!-- Security
-->
<!--
====================================================================
-->
jboss.security:service=XMLLoginConfig
login-config.xml
<!-- JAAS security manager and realm mapping -->
<!-- change JaasSecurityManager by JaasSecurityDomain -->
org.jboss.security.plugins.JaasSecurityDomain
<!--JaasSecurityDomain -->
jboss.security:service=JaasSecurityManager
${jboss.server.home.dir}/ssl/.keystore
gft01abc
--------------------------------------------------------------------------------------
Configuration for SSL in deploy/jbossweb-tomcat55.sar/server.xml is as below :
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
Configuration for security domain in deploy/settlement-webapp.ear/settlement-webapp.war/jboss-web.xml is as below :
--------------------------------------------------------------------------------------
<jboss-web>
<security-domain>java:/jaas/settlement</security-domain>
</jboss-web>
--------------------------------------------------------------------------------------
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046069#4046069
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046069
19 years