[jboss-user] [JBoss Web Services] New message: "Re: JbossWS username authentication not working"

Bonnie Kenison do-not-reply at jboss.com
Fri Feb 26 19:14:19 EST 2010


User development,

A new message was posted in the thread "JbossWS username authentication not working":

http://community.jboss.org/message/528943#528943

Author  : Bonnie Kenison
Profile : http://community.jboss.org/people/bkenison

Message:
--------------------------------------------------------------
Yes, I know.  The issue originally was that sending in bad username/passwords was not being stopped.  The webservice was being invoked anyway.  I made some of the configuration changes you recommended, then everything stopped working, even the good username/passwords. 
 
I'm not sure exactly what I changed that worked but, I have gotten the authentication working now.  Here is my new code:
 
Using Jboss 4.2.3.GA
 
login-config.xml    (located in jboss/server/default/conf):
 
    <application-policy name="JBossWS">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag="required">
          <module-option name="usersProperties">props/jbossws-users.properties</module-option>
          <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>  
        </login-module>
      </authentication>
    </application-policy>
 

jbossws-users.properties  (located in jboss/server/default/conf/props):
# A sample users.properties file for use with the UsersRolesLoginModule
kermit=thefrog
 

jboss-wsse-server.xml:
 
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    <config>
        <timestamp ttl="300"/>
        <requires/>                         *** removed requires username*
    </config>
</jboss-ws-security>
 

Service:
 
@Stateless
@WebService
(name="TestWSEJB",
targetNamespace = "http://localhost:8080/uttestservice",
serviceName = "TestWSEJBService")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SecurityDomain("JBossWS")
*@RolesAllowed("friend")
@WebContext(contextRoot="/uttestservice", urlPattern="/*", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
*public class TestWSEJB implements com.utah.webservice.testClient.TestWSEJB {
    @Resource
    WebServiceContext wsContext;
 
@WebMethod
public String ping (String name)
{
 

    MessageContext msgCtx = (MessageContext)wsContext.getMessageContext();
    try
    {
        System.out.println(msgCtx);
        SOAPMessage soapMessage = ((SOAPMessageContext)msgCtx).getMessage();
        soapMessage.writeTo(System.out);
        System.out.println("");
    } catch (Exception se) { se.printStackTrace();}  
 

return "Hello : " + name;
}
}
 
jboss-wsse-client.xml:
 
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    <config>
        <username />
    </config>
</jboss-ws-security>
 

Client Interface:
 

/**
* This class was generated by the JAX-WS RI.
* JAX-WS RI 2.1.1-b03-
* Generated source version: 2.0
*
*/
@WebService(name = "TestWSEJB", targetNamespace = "http://localhost:8080/uttestservice")
public interface TestWSEJB {
 

/**
*
* @param arg0
* @return
* returns java.lang.String
*/
@WebMethod
@WebResult(targetNamespace = "")
@RequestWrapper(localName = "ping", targetNamespace = "http://localhost:8080/uttestservice", className = "test.Ping")
@ResponseWrapper(localName = "pingResponse", targetNamespace = "http://localhost:8080/uttestservice", className = "test.PingResponse")
public String ping(
@WebParam(name = "arg0", targetNamespace = "")
String arg0);
 
}
 
Client Test:
 
public class TestWSClient {
 
public static void main(String[] args) {
try {
TestWSClient client = new TestWSClient();
client.doTest(args);
} catch(Exception e) {
e.printStackTrace();
}
}
 
public void doTest(String[] args) {
 
try {
URL url = new URL("http://localhost:8080/uttestservice?wsdl");
QName qn = new QName("http://localhost:8080/uttestservice","TestWSEJBService");
Service s = Service.create(url, qn);
TestWSEJB port = s.getPort(TestWSEJB.class);
URL securityURL = new File("jboss-wsse-client.xml").toURL();
((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
((StubExt)port).setConfigName("Standard WSSecurity Client");
((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermitabcd");
((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrogefg");
System.out.println("Invoking the sayHello operation on the port.");
String response = port.ping("Pramod") ;
System.out.println(response);
} catch(Exception e) {
e.printStackTrace();
}
}
}
 
This code now allows calling of the webservice with "kermit/thefrog" and fails on "kermitabcd/thefrogefg".   Thanks for assisting.

--------------------------------------------------------------

To reply to this message visit the message page: http://community.jboss.org/message/528943#528943




More information about the jboss-user mailing list