[jboss-user] [JBoss Web Services] - Minimum required for basic user/password authentication on a POJO?
Karl Beowulph
do-not-reply at jboss.com
Fri May 28 09:50:18 EDT 2010
Karl Beowulph [http://community.jboss.org/people/KBeowulph] created the discussion
"Minimum required for basic user/password authentication on a POJO?"
To view the discussion, visit: http://community.jboss.org/message/545289#545289
--------------------------------------------------------------
Hello.
I've followed the authentication guide ( http://community.jboss.org/wiki/JBossWS-Authentication http://community.jboss.org/wiki/JBossWS-Authentication) and have (mostly) successfully implemented basic security on a POJO web service.
The problem I'm having though is that my client requires two-sets of authentication setting; once for the HTTP basic authentication, and again in the request context (same user and password). Is there a way I can set it so that the user only needs to authenticate at the request context level?
My files are as follows...
h1. Service
*web.xml*
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns=http://java.sun.com/xml/ns/j2ee
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>securityWs_PoC</display-name>
<servlet> <servlet-name>secureWs</servlet-name> <servlet-class>com.securityWs.SecureWs</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>secureWs</servlet-name> <url-pattern>/secureWs</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list>
<!-- Security --> <security-constraint>
<web-resource-collection> <web-resource-name>All resources</web-resource-name> <url-pattern>/*</url-pattern> <!-- <http-method>POST</http-method> --> </web-resource-collection> <auth-constraint> <role-name>friend</role-name> </auth-constraint> </security-constraint> <security-role> <role-name>friend</role-name> </security-role> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBossWS</realm-name> </login-config> </web-app>
*jboss-web.xml*
<jboss-web>
<security-domain>java:/jaas/JBossWS</security-domain>
</jboss-web>
*SecureWs.java*
package com.securityWs;
import javax.jws.WebService;
@WebService
public class SecureWs {
public String echo(String word){ return word+" "+word; }
}
h1. Client
*TestSecureClient.java*
package com.secureClient;
import static org.junit.Assert.assertEquals;
Thanks.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/545289#545289]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100528/31516de3/attachment-0001.html
More information about the jboss-user
mailing list