[jboss-user] [JBossWS] - Re: Trying to use jboss.xml instead of @WebContext

karypid do-not-reply at jboss.com
Thu Aug 21 08:52:59 EDT 2008 

Hello,

I am using the very latest: JBossAS 4.2.3.GA and JBossWS-Native 3.0.3.GA.

When my EJB is coded as follows:

@Stateless
  | @WebService(
  |     serviceName="MyBasicWS", portName = "MyBasicWSSOAP",
  |     targetNamespace = "http://www.example.org/MyBasicWS/",
  |     endpointInterface = "org.example.mybasicws.MyBasicWS")
  | @WebContext(authMethod="BASIC")
  | @RolesAllowed("friend")
  | public class MyBasicWSImpl {
  | 	public String echo(String in) {
  | 		System.out.println("RECEIVED: " + in);
  | 		return in;
  | 	}
  | }

I use the following jboss.xml to set the security domain:

<!DOCTYPE jboss PUBLIC
  |       "-//JBoss//DTD JBOSS 4.2//EN"
  |       "http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd">
  | <jboss>
  | 	<security-domain>java:/jaas/JBossWS</security-domain>
  | 	<webservices>
  | 		<context-root>myBasicWS</context-root>
  | 	</webservices>
  | </jboss>

Everything works like a charm with the combination above (I must access the EJB as kermit/thefrog from the default jbossws-xxxx.properties files). However, I want to get rid of the @WebContext annotation. My idea (which does not work) is the following combination:

@Stateless
  | @WebService(
  |     serviceName="MyBasicWS", portName = "MyBasicWSSOAP",
  |     targetNamespace = "http://www.example.org/MyBasicWS/",
  |     endpointInterface = "org.example.mybasicws.MyBasicWS")
  | //@WebContext(authMethod="BASIC")
  | //Undesirable
  | //The above should be picked up from jboss.xml
  | @RolesAllowed("friend")
  | public class MyBasicWSImpl {
  | 	public String echo(String in) {
  | 		System.out.println("RECEIVED: " + in);
  | 		return in;
  | 	}
  | }

Then, I try to express that the EJB must use BASIC authentication method as follows:

<!DOCTYPE jboss PUBLIC
  |       "-//JBoss//DTD JBOSS 4.2//EN"
  |       "http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd">
  | <jboss>
  | 	<security-domain>java:/jaas/JBossWS</security-domain>
  | 	<webservices>
  | 		<context-root>myBasicWS</context-root>
  | 	</webservices>
  | 	<enterprise-beans>
  | 		<session>
  | 			<ejb-name>MyBasicWSImpl</ejb-name>
  | 			<port-component>
  | 				<port-component-name>MyBasicWSSOAP</port-component-name>
  | 				<auth-method>BASIC</auth-method>
  | 			</port-component>
  | 		</session>
  | 	</enterprise-beans>
  | </jboss>

In this case however, the client throws an authorization failure exception:

javax.xml.ws.soap.SOAPFaultException: Authorization failure
  | 	at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SOAPFaultHelperJAXWS.java:77)
  | 	at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFaultException(SOAP11BindingJAXWS.java:107)
  | 	at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(CommonSOAPBinding.java:577)
  | 	at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:381)
  | 	at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:291)
  | 	at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:170)
  | 	at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
  | 	at $Proxy19.echo(Unknown Source)
  | 	at test.TestBasicWS.basicAuthTest(TestBasicWS.java:41)

On the server side, I see this:

15:41:47,349 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[friend], principalRoles=[]
  | 15:41:47,349 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
  | javax.ejb.EJBAccessException: Authorization failure
  | 	at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:120

Apparently, JBoss disregards the BASIC-auth and does NOT assign a principal to the session. Therefore the role-based authenticator denies access to the method (as it should).

Apparently, my jboss.xml does not tell JBoss to associate basic-auth with the published web service. I was suspicious of what I should put in the "port-component-name" value. Supposedly, the documentation says: Maps to the port-component-name in the webservices.xml descriptor. However, I do not use a webservices.xml file but use the @WebService annotation instead.

In the code above I use the value for the "portName" attribute of @WebService but I also tried the ejb-name (MyBasicWSImpl) and the serviceName (MyBasicWS) with no luck.

Any clues as to how I can achieve this while keeping the code JBoss-clear?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171766#4171766

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171766

More information about the jboss-user mailing list