User development,
A new message was posted in the thread "JbossWS username authentication not
working":
http://community.jboss.org/message/528943#528943
Author : Bonnie Kenison
Profile :
http://community.jboss.org/people/bkenison
Message:
--------------------------------------------------------------
Yes, I know. The issue originally was that sending in bad username/passwords was not
being stopped. The webservice was being invoked anyway. I made some of the configuration
changes you recommended, then everything stopped working, even the good
username/passwords.
I'm not sure exactly what I changed that worked but, I have gotten the authentication
working now. Here is my new code:
Using Jboss 4.2.3.GA
login-config.xml (located in jboss/server/default/conf):
<application-policy name="JBossWS">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option
name="usersProperties">props/jbossws-users.properties</module-option>
<module-option
name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option
name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
jbossws-users.properties (located in jboss/server/default/conf/props):
# A sample users.properties file for use with the UsersRolesLoginModule
kermit=thefrog
jboss-wsse-server.xml:
<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<timestamp ttl="300"/>
<requires/> *** removed requires username*
</config>
</jboss-ws-security>
Service:
@Stateless
@WebService
(name="TestWSEJB",
targetNamespace = "http://localhost:8080/uttestservice",
serviceName = "TestWSEJBService")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SecurityDomain("JBossWS")
*@RolesAllowed("friend")
@WebContext(contextRoot="/uttestservice", urlPattern="/*",
authMethod="BASIC", transportGuarantee="NONE",
secureWSDLAccess=false)
*public class TestWSEJB implements com.utah.webservice.testClient.TestWSEJB {
@Resource
WebServiceContext wsContext;
@WebMethod
public String ping (String name)
{
MessageContext msgCtx = (MessageContext)wsContext.getMessageContext();
try
{
System.out.println(msgCtx);
SOAPMessage soapMessage = ((SOAPMessageContext)msgCtx).getMessage();
soapMessage.writeTo(System.out);
System.out.println("");
} catch (Exception se) { se.printStackTrace();}
return "Hello : " + name;
}
}
jboss-wsse-client.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<username />
</config>
</jboss-ws-security>
Client Interface:
/**
* This class was generated by the JAX-WS RI.
* JAX-WS RI 2.1.1-b03-
* Generated source version: 2.0
*
*/
@WebService(name = "TestWSEJB", targetNamespace =
"http://localhost:8080/uttestservice")
public interface TestWSEJB {
/**
*
* @param arg0
* @return
* returns java.lang.String
*/
@WebMethod
@WebResult(targetNamespace = "")
@RequestWrapper(localName = "ping", targetNamespace =
"http://localhost:8080/uttestservice", className = "test.Ping")
@ResponseWrapper(localName = "pingResponse", targetNamespace =
"http://localhost:8080/uttestservice", className =
"test.PingResponse")
public String ping(
@WebParam(name = "arg0", targetNamespace = "")
String arg0);
}
Client Test:
public class TestWSClient {
public static void main(String[] args) {
try {
TestWSClient client = new TestWSClient();
client.doTest(args);
} catch(Exception e) {
e.printStackTrace();
}
}
public void doTest(String[] args) {
try {
URL url = new URL("http://localhost:8080/uttestservice?wsdl");
QName qn = new
QName("http://localhost:8080/uttestservice","TestWSEJBService");
Service s = Service.create(url, qn);
TestWSEJB port = s.getPort(TestWSEJB.class);
URL securityURL = new File("jboss-wsse-client.xml").toURL();
((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
((StubExt)port).setConfigName("Standard WSSecurity Client");
((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
"kermitabcd");
((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
"thefrogefg");
System.out.println("Invoking the sayHello operation on the port.");
String response = port.ping("Pramod") ;
System.out.println(response);
} catch(Exception e) {
e.printStackTrace();
}
}
}
This code now allows calling of the webservice with "kermit/thefrog" and fails
on "kermitabcd/thefrogefg". Thanks for assisting.
--------------------------------------------------------------
To reply to this message visit the message page:
http://community.jboss.org/message/528943#528943