The Java container is Orion 1.5.3 / OC4J Oracle 9iAS. As for the
web.xml, here is the snippet I have setup:
<security-constraint>
<web-resource-collection>
<web-resource-name>Main</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sr_default</role-name>
<role-name>sr_maintainer</role-name>
<role-name>sr_administrator</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SomeMessage</realm-name>
</login-config>
<security-role>
<role-name>sr_default</role-name>
</security-role>
<security-role>
<role-name>sr_maintainer</role-name>
</security-role>
<security-role>
<role-name>sr_administrator</role-name>
</security-role>
You mention JAAS... do I need to set that up to make this work? It was
my understanding that I could simply configure the roles/groups and
users via the xmls files and the J2ee container knew how to associate
the configured principals to the creds passed in on the request.
Reg
Matthew Hannay wrote:
What Java container are you using?
and have you configured the container(i.e JAAS) and
the web.xml correctly?
Matt
--- [EMAIL PROTECTED] wrote:
Hi
I've reviewed the mailing lists and tried the
samples but I am still having an issue getting Basic
Auth to work within my J2ee container using Axis
1.2.
I believe I have the roles, groups and users setup
on the web service side. When I make a request into
my container I am receiving: Axis fault:
(401)Unauthorized
Which leads me to believe I have things enabled
correctly.
On the client side I have setup my code as follows:
String endpoint =
"http://localhost:8080/axis/services/somemessage";;
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress( new
java.net.URL(endpoint) );
call.setOperationName(new QName("addSomeMessage"));
call.setUsername("test");
call.setPassword("abcd");
Now, whenever I make this call I get the 401 message
back to my client.
Is there some additonal deployment configuration I
need to modify to enable this auth to happen?
<service name="somemessage" provider="java:RPC"
style="rpc" use="encoded">
<requestFlow><handler type="soapmonitor"
/></requestFlow>
<responseFlow><handler type="soapmonitor"
/></responseFlow>
...
</service>
It is my hope that I can somehow access the soap
header information and perform what ever auth action
is required to either allow the clients call to
continue or fail. Would this auth code be found in
the generated somemessageSoapBindingImpl file?
Any and all advice would be most welcomed.
Reg
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
Send instant messages to your online friends http://au.messenger.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
