[jboss-user] [JBossWS] - EJB3 SessionBean endpoint and security

Fri Sep 22 00:28:04 EDT 2006

I recently [finally] had time to upgrade to Eclipse 3.2 and JBoss 4.0.4 and ejb3 and am prototyping out some Web Services using the "181" way. I did the "HelloWorld" example in the Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JBWS181HelloWorld) and got things working very quickly.

I then saw many examples about how to create an endpoint out of a EJB3 session bean. Again, very easy. Very nice.

However, when I searched for how to setup security, I've run into problems. I added the @SecurityDomain and so forth, but cannot get it to secure and/or a client to authenticate.

My goal is simply: create a Web Service that a client can call with a username and password that the JBoss JAAS container can handle. It appears that this can be done, but I must be missing something simple. I appears you add the "@PortComponent" and "@SecurityDomain" and "@RolesAllowed" annotations and pass in the valid information.

When a client access the Web Service it get an authentication error even though I think I'm passing in the correct username/password. I'm using the defaults (kermit/thefrog in the role "friend").

The EJB3 Stateless Session Bean endpoint:

  | package com.buildlinks.ejb;
  | 
  | import java.rmi.RemoteException;
  | import java.security.Identity;
  | import java.security.Principal;
  | 
  | import javax.annotation.Resource;
  | import javax.annotation.security.RolesAllowed;
  | import javax.ejb.EJB;
  | import javax.ejb.SessionContext;
  | import javax.ejb.Stateless;
  | import javax.jws.WebMethod;
  | import javax.jws.WebService;
  | import javax.jws.soap.SOAPBinding;
  | import javax.naming.Context;
  | import javax.naming.InitialContext;
  | import javax.naming.NamingException;
  | import javax.persistence.Transient;
  | 
  | import org.jboss.annotation.security.SecurityDomain;
  | import org.jboss.ws.annotation.PortComponent;
  | 
  | @EJB(name="HelloWorldBean", description="", beanInterface=com.buildlinks.ejb.HelloWorld.class, beanName="HelloWorldBean")
  | @WebService(name="HelloWorld")
  | @SOAPBinding(style = SOAPBinding.Style.RPC)
  | @PortComponent(authMethod="BASIC", transportGuarantee="NONE", urlPattern="/*", contextRoot="/BuildLinksEjb3")
  | @SecurityDomain("JBossWS")
  | @RolesAllowed("friend")
  | 
  | /**
  |  * @author cboatwright
  |  */
  | public @Stateless class HelloWorldBean implements HelloWorld
  | {
  | 	@Resource
  | 	@Transient
  | 	SessionContext ctx;
  | 	
  | 	public HelloWorldBean()
  | 	{
  | 		System.out.println("HelloWorldBean created");
  | 	}
  | 
  | 	@WebMethod
  | 	public String echoString(String str1, String str2) throws RemoteException
  | 	{
  | 		System.out.println("str=" + str1 + ", str2=" + str2);
  | 
  | 		if (ctx != null)
  | 		{
  | 			Principal caller = ctx.getCallerPrincipal();
  | 			Identity identity = ctx.getCallerIdentity();
  | 			System.out.println("isCallerInRole(friend)=" + ctx.isCallerInRole("friend"));
  | 			System.out.println("caller=" + caller);
  | 			System.out.println("identity=" + identity);
  | 		}
  | 		
  | 		return "Thanks you for sending [" + str1 + "] and [" + str2 + "]";
  | 	}
  | }
  | 

The calling client:

  | package com.buildlinks.client;
  | 
  | import java.net.URL;
  | import java.util.Properties;
  | 
  | import javax.xml.namespace.QName;
  | import javax.xml.rpc.Service;
  | import javax.xml.rpc.ServiceFactory;
  | import javax.xml.rpc.Stub;
  | 
  | import org.jboss.ws.jaxrpc.ServiceFactoryImpl;
  | import org.jboss.ws.jaxrpc.StubExt;
  | 
  | import com.buildlinks.ejb.HelloWorld;
  | 
  | public class WsClientTest
  | {
  | 	public static void main(String[] args)
  | 	{
  | 		try
  | 		{
  | 			// http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html 
  | 			Properties systemSettings = System.getProperties();
  | 			systemSettings.put("http.basic.username", "kermit");
  | 			systemSettings.put("http.basic.password", "thefrog");
  | //			systemSettings.put("http.proxyHost", "localhost");
  | //			systemSettings.put("http.proxyPort", "8888");
  | //			systemSettings.put("http.nonProxyHosts", ""); 
  | //			systemSettings.put("http.proxyUserName",username);
  | //			systemSettings.put("http.proxyPassword",password);
  | 			System.setProperties(systemSettings);			
  | 			
  | 			URL url = new URL("http://localhost/BuildLinksEjb3/HelloWorldBean?wsdl");
  | 			QName qname = new QName("http://ejb.buildlinks.com/jaws", "HelloWorldBeanService");
  | 			
  | 			ServiceFactory  factory = ServiceFactoryImpl.newInstance();
  | 			Service service = factory.createService(url, qname);
  | 			
  | 			HelloWorld webServiceProxy = (HelloWorld)service.getPort(HelloWorld.class);
  | 			((Stub)webServiceProxy)._setProperty(StubExt.USERNAME_PROPERTY, "kermit");
  | 			((Stub)webServiceProxy)._setProperty(StubExt.PASSWORD_PROPERTY, "thefrog");
  | 
  | 			System.out.println("Before");
  | 			String rv = webServiceProxy.echoString("Colin", "Boatwright");
  | 			System.out.println("After");
  | 			
  | 			System.out.println("rv=" + rv);
  | 			
  | 		}
  | 		catch (Exception e)
  | 		{
  | 			e.printStackTrace(System.err);
  | 		}
  | 	}
  | }
  | 
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973462#3973462

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3973462