Hi All
I'am running an Axis (1.2RC3) Web Service on a Tomcat (4.1.31)
I'am having problems getting Basic Authentication working using the
ServletSecurityProvider and the SimpleAuthenticationHandler.
This is my configuration:
In the Axis web.xml:
<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>
org.apache.axis.transport.http.AxisServlet
</servlet-class>
<init-param>
<param-name>use-servlet-security</param-name>
<param-value>1</param-value>
</init-param>
</servlet>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Web Services Basic Authentication</realm-name>
</login-config>
In the server-config.wsdd
<requestFlow name="checks">
<handler
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
</requestFlow>
<parameter name="allowedRoles" value="test"/>
In tomcat-users.xml
<tomcat-users>
<role rolename="test"/>
<user username="test" password="test" roles="test"/>
</tomcat-users>
This setup was previously discussed here
http://marc.theaimsgroup.com/?l=axis-user&m=104403054218784&w=2 quite a
while back.
I add the username and password in the client and using TCPMON can see
that it is being sent in the HTTP Headers.
I've also added logging to the SimpleAuthenticationHandler and can see
that the username/password is received correctly and that the security
provider used is
org.apache.axis.security.servlet.ServletSecurityProvider
Should the allowedRoles specified in the server-config.wsdd be a user or
role in the tomcat-users.xml.
Any pointers or help would be much appreciated.
Clement