[jboss-user] [JBoss Web Services] - Minimum required for basic user/password authentication on a POJO?

Karl Beowulph do-not-reply at jboss.com
Fri May 28 09:50:18 EDT 2010


Karl Beowulph [http://community.jboss.org/people/KBeowulph] created the discussion

"Minimum required for basic user/password authentication on a POJO?"

To view the discussion, visit: http://community.jboss.org/message/545289#545289

--------------------------------------------------------------
Hello.

I've followed the authentication guide ( http://community.jboss.org/wiki/JBossWS-Authentication http://community.jboss.org/wiki/JBossWS-Authentication) and have (mostly) successfully implemented basic security on a POJO web service. 

The problem I'm having though is that my client requires two-sets of authentication setting; once for the HTTP basic authentication, and again in the request context (same user and password).  Is there a way I can set it so that the user only needs to authenticate at the request context level?

My files are as follows...

h1. Service
*web.xml*
<?xml version="1.0" encoding="UTF-8"?> 
<web-app id="WebApp_ID" version="2.4" xmlns=http://java.sun.com/xml/ns/j2ee 
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> 

     <display-name>securityWs_PoC</display-name> 
     <servlet>           <servlet-name>secureWs</servlet-name>           <servlet-class>com.securityWs.SecureWs</servlet-class>           <load-on-startup>1</load-on-startup>      </servlet>      <servlet-mapping>           <servlet-name>secureWs</servlet-name>           <url-pattern>/secureWs</url-pattern>      </servlet-mapping>      <welcome-file-list>           <welcome-file>index.html</welcome-file>           <welcome-file>index.htm</welcome-file>           <welcome-file>index.jsp</welcome-file>           <welcome-file>default.html</welcome-file>           <welcome-file>default.htm</welcome-file>           <welcome-file>default.jsp</welcome-file>      </welcome-file-list> 


     <!-- Security -->      <security-constraint> 
          <web-resource-collection>                <web-resource-name>All resources</web-resource-name>                <url-pattern>/*</url-pattern>                <!-- <http-method>POST</http-method> -->           </web-resource-collection>           <auth-constraint>                <role-name>friend</role-name>           </auth-constraint>      </security-constraint>      <security-role>           <role-name>friend</role-name>      </security-role>      <login-config>           <auth-method>BASIC</auth-method>           <realm-name>JBossWS</realm-name>      </login-config> </web-app>






























































*jboss-web.xml*
<jboss-web>

     <security-domain>java:/jaas/JBossWS</security-domain>
</jboss-web>












*SecureWs.java*
package com.securityWs; 
 
import javax.jws.WebService; 
 
 
@WebService
public class SecureWs { 
 
 
 
     public String echo(String word){           return word+" "+word;      }
 
}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 







h1. Client
*TestSecureClient.java*
package com.secureClient; 
 
import static org.junit.Assert.assertEquals; 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


Thanks.

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/545289#545289]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100528/31516de3/attachment-0001.html 


More information about the jboss-user mailing list