[jboss-user] [JBossWS] - Authorization failure .NET client to secured Webservices
marcelvanvelzen
do-not-reply at jboss.com
Sat Dec 2 05:50:06 EST 2006
Hi,
I am sorry for this posting, since I think this has been asked many many times. I have read all the related topics and tried many things, but still I cannot make my .NET client connect to my JBoss 4.0.5GA Webservices. My Visual Basic 2005 .NET client gives the error 'Authorization failed'. When I use @PermitAll it works fine. I really hope somebody can help me, since I have an idea what to do next.
What have I done:
1) Specified @SecurityDomain("AthenaWS") in the Webservice and added @RolesAllowed("RegularUser") for all methods. The annotations of the class start with:
@WebService (name="ApplicationEndPoint", serviceName="Application", targetNamespace = "http://address:8080/athenaserver")
@SOAPBinding (style=SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
@Stateless
@Remote(ApplicationRemote.class)
@RemoteBinding(jndiBinding = "/ejb3/ApplicationEndPoint")
@SecurityDomain("AthenaWS")
public class etc
2) Added the following text to JBOSS_HOME/server/default/conf/login-config.xml:
<!-- A template configuration for the AthenaWS web application (and transport layer!).
This defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="AthenaWS">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties">props/athenaws-users.properties</module-option>
<module-option name="rolesProperties">props/athenaws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
<module-option name="hashEncoding">base64</module-option>
<!--
<module-option name="hashAlgorithm">MD5</module-option> (when basic works, I want to use digest authentication)
-->
</login-module>
</application-policy>
3) Placed athenaws-users.properties in the JBOSS_HOME/server/default/conf/props, this has the following contents:
velzm=secret
4) Placed athenaws-roles.properties in the JBOSS_HOME/server/default/conf/props, this has the following contents:
velzm=RegularUser
5) Downloaded Visual Basic 2005 Express Edition and SDK 2.0. I am using InfoPath 2007 but this cannot work with JBoss secured webservices directly, only using SharePoint Server this should be possible using UDC reading the documentation. However, I don't want this additional layer, so I am trying to make a work-a-round. I am using the tool wsdl.exe to generate a Visual Basic class for the webservice. Later when this works, I want to see if it possible to generate JavaScript code and embed this in the InfoPath form, so distribution no problem. With VB I must distribute the dll, which would suck.
6) Extended the generated VB webservice class, since preAuthenticate according to the topics gives problem. The VB code is:
Option Explicit On
Imports System
Imports System.IO
Imports System.Net
Imports System.Text
Public Class ApplicationWS
Inherits Application
Private nc As NetworkCredential = Nothing
Protected Overrides Function GetWebRequest(ByVal Uri As Uri) As System.Net.WebRequest
Dim request As System.Net.HttpWebRequest = MyBase.GetWebRequest(Uri)
If (MyBase.PreAuthenticate) Then
Dim nc As System.Net.NetworkCredential = MyBase.Credentials.GetCredential(Uri, "Basic")
Dim credBuf() As Byte = New System.Text.UTF8Encoding().GetBytes(nc.Domain + "\" + nc.UserName + ":" + nc.Password)
If Not credBuf Is Nothing Then
request.Headers("Authorization") = "Basic " + Convert.ToBase64String(credBuf)
End If
End If
GetWebRequest = request
End Function
Public Overloads Function getExchanges() As String()
Dim parms As New getExchanges
Return MyBase.getExchanges(parms)
End Function
Public Sub New()
MyBase.New()
MyBase.PreAuthenticate = False
End Sub
Public Sub New(ByVal domain As String, ByVal user As String, ByVal password As String)
MyBase.New()
MyBase.Credentials = New NetworkCredential(user, password, domain)
MyBase.PreAuthenticate = True
End Sub
End Class
7) Testing the stuff, by the following VB code:
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim application As New ApplicationWS("AthenaWS", "velzm", "secret")
Dim count As Integer
Try
Dim exchanges() As String = application.getExchanges()
For count = 0 To exchanges.Length - 1
Console.WriteLine(exchanges(count))
Next count
Console.Beep()
Catch ex As Exception
MsgBox("ex=" + ex.Message)
End Try
End Sub
This results in the message 'Authorization failure'. What's wrong ?
- In JBoss 4.0.5GA I don't see an annotation of validateUnauthorizedTrue, so I cannot set this to true.
Question which I have, is this option still necessary to set in JBoss 4.0.5GA ?
- JBOSS_HOME/server/default/logs/server.log shows the following line:
2006-12-02 09:18:20,062 DEBUG [jbossws.SOAPMessage] Incomming SOAPMessage
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>
<soap:Header/>
<soap:Body>
</soap:Body></soap:Envelope>
Question which I have, where is the authentication header ?? I have used the debugger for overridded function GetWebRequest and this is called correctly, but is it not sending the information ? Or is it sending the information, but not showing up in the log ?
I really need some suggestions, since I am stuck.
Thanks in advance,
Marcel van Velzen
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3990739#3990739
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3990739
More information about the jboss-user
mailing list