[jboss-user] [JBoss Web Services] New message: "Re: JbossWS username authentication not working"

User development, A new message was posted in the thread "JbossWS username authentication not working": http://community.jboss.org/message/528943#528943 Author : Bonnie Kenison Profile : http://community.jboss.org/people/bkenison Message: -------------------------------------------------------------- Yes, I know.  The issue originally was that sending in bad username/passwords was not being stopped.  The webservice was being invoked anyway.  I made some of the configuration changes you recommended, then everything stopped working, even the good username/passwords.   I'm not sure exactly what I changed that worked but, I have gotten the authentication working now.  Here is my new code:   Using Jboss 4.2.3.GA   login-config.xml    (located in jboss/server/default/conf):       <application-policy name="JBossWS">       <authentication>         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"           flag="required">           <module-option name="usersProperties">props/jbossws-users.properties</module-option>           <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>           <module-option name="unauthenticatedIdentity">anonymous</module-option>          </login-module>       </authentication>     </application-policy>   jbossws-users.properties  (located in jboss/server/default/conf/props): # A sample users.properties file for use with the UsersRolesLoginModule kermit=thefrog   jboss-wsse-server.xml:   <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">     <config>         <timestamp ttl="300"/>         <requires/>                         *** removed requires username*     </config> </jboss-ws-security>   Service:   @Stateless @WebService (name="TestWSEJB", targetNamespace = "http://localhost:8080/uttestservice", serviceName = "TestWSEJBService") @SOAPBinding(style = SOAPBinding.Style.DOCUMENT) @EndpointConfig(configName = "Standard WSSecurity Endpoint") @SecurityDomain("JBossWS") *@RolesAllowed("friend") @WebContext(contextRoot="/uttestservice", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false) *public class TestWSEJB implements com.utah.webservice.testClient.TestWSEJB {     @Resource     WebServiceContext wsContext;   @WebMethod public String ping (String name) {       MessageContext msgCtx = (MessageContext)wsContext.getMessageContext();     try     {         System.out.println(msgCtx);         SOAPMessage soapMessage = ((SOAPMessageContext)msgCtx).getMessage();         soapMessage.writeTo(System.out);         System.out.println("");     } catch (Exception se) { se.printStackTrace();}    return "Hello : " + name; } }   jboss-wsse-client.xml:   <?xml version="1.0" encoding="UTF-8"?> <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">     <config>         <username />     </config> </jboss-ws-security>   Client Interface:   /** * This class was generated by the JAX-WS RI. * JAX-WS RI 2.1.1-b03- * Generated source version: 2.0 * */ @WebService(name = "TestWSEJB", targetNamespace = "http://localhost:8080/uttestservice") public interface TestWSEJB {   /** * * @param arg0 * @return * returns java.lang.String */ @WebMethod @WebResult(targetNamespace = "") @RequestWrapper(localName = "ping", targetNamespace = "http://localhost:8080/uttestservice", className = "test.Ping") @ResponseWrapper(localName = "pingResponse", targetNamespace = "http://localhost:8080/uttestservice", className = "test.PingResponse") public String ping( @WebParam(name = "arg0", targetNamespace = "") String arg0);   }   Client Test:   public class TestWSClient {   public static void main(String[] args) { try { TestWSClient client = new TestWSClient(); client.doTest(args); } catch(Exception e) { e.printStackTrace(); } }   public void doTest(String[] args) {   try { URL url = new URL("http://localhost:8080/uttestservice?wsdl"); QName qn = new QName("http://localhost:8080/uttestservice","TestWSEJBService"); Service s = Service.create(url, qn); TestWSEJB port = s.getPort(TestWSEJB.class); URL securityURL = new File("jboss-wsse-client.xml").toURL(); ((StubExt)port).setSecurityConfig(securityURL.toExternalForm()); ((StubExt)port).setConfigName("Standard WSSecurity Client"); ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermitabcd"); ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrogefg"); System.out.println("Invoking the sayHello operation on the port."); String response = port.ping("Pramod") ; System.out.println(response); } catch(Exception e) { e.printStackTrace(); } } }   This code now allows calling of the webservice with "kermit/thefrog" and fails on "kermitabcd/thefrogefg".   Thanks for assisting. -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/528943#528943