However, I have a problem, and I am hoping that someone with experience with Axis2 and WebSphere can point me down the path to fixing it.
Our session beans -- to which we delegate for business logic from the web service facade -- require that the user be authenticated in the container. Not only is that a security concern, but we extract custom credentials from the Subject in order to do the work.
The web services, however, despite my best effort, cannot be made to require authentication. I am not using WS-Security; I am attempting to simply use HTTP basic authentication for the web application, but nothing I do can provoke WebSphere to provide me with a password request dialog for any of the servlets. I am testing this by navigating in a web browser to the service listing page, which simply bypasses all of the login modules defined in WEB_INBOUND in the container.
Attached is the web.xml from the final, deployed axis2 WAR file. I would dearly like to know why this does not result in my being required to provide a password. If anyone can help me, I would be very grateful.
-- Chris Rose Developer Planet Consulting Group (780) 577-8433 [EMAIL PROTECTED]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp_1202330773795">
  <display-name>Apache-Axis2</display-name>
  <servlet>
    <servlet-name>AxisServlet</servlet-name>
    <display-name>Apache-Axis Servlet</display-name>
    <servlet-class>org.apache.axis2.transport.http.AxisServlet</servlet-class>
    <!--<init-param>-->
    <!--<param-name>axis2.xml.path</param-name>-->
    <!--<param-value>/WEB-INF/conf/axis2.xml</param-value>-->
    <!--<param-name>axis2.xml.url</param-name>-->
    <!--<param-value>http://localhot/myrepo/axis2.xml</param-value>-->
    <!--<param-name>axis2.repository.path</param-name>-->
    <!--<param-value>/WEB-INF</param-value>-->
    <!--<param-name>axis2.repository.url</param-name>-->
    <!--<param-value>http://localhot/myrepo</param-value>-->
    <!--</init-param>-->
    <load-on-startup>1</load-on-startup>
    <security-role-ref>
      <description>The axis2 servlet must have an authenticated role</description>
      <role-name>Axis Security</role-name>
      <role-link>ecourierGeneralPermission</role-link>
    </security-role-ref>
  </servlet>
  <servlet>
    <servlet-name>AxisAdminServlet</servlet-name>
    <display-name>Apache-Axis AxisAdmin Servlet (Web Admin)</display-name>
    <servlet-class>org.apache.axis2.transport.http.AxisAdminServlet</servlet-class>
    <security-role-ref>
      <description>The axis2 servlet must have an authenticated role</description>
      <role-name>Axis Security</role-name>
      <role-link>ecourierGeneralPermission</role-link>
    </security-role-ref>
  </servlet>
  <servlet-mapping>
    <servlet-name>AxisServlet</servlet-name>
    <url-pattern>/servlet/AxisServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>AxisServlet</servlet-name>
    <url-pattern>*.jws</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>AxisServlet</servlet-name>
    <url-pattern>/services/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>AxisAdminServlet</servlet-name>
    <url-pattern>/axis2-admin/*</url-pattern>
  </servlet-mapping>
  <mime-mapping>
    <extension>inc</extension>
    <mime-type>text/plain</mime-type>
  </mime-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
    <welcome-file>axis2-web/index.jsp</welcome-file>
  </welcome-file-list>
  <error-page>
    <error-code>404</error-code>
    <location>/axis2-web/Error/error404.jsp</location>
  </error-page>
  <error-page>
    <error-code>500</error-code>
    <location>/axis2-web/Error/error500.jsp</location>
  </error-page>
  <security-constraint>
    <display-name>Axis2 Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>All resources</web-resource-name>
      <description>Requires authentication to the e-Courier application services to operate the web services</description>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>Require authenticated users</description>
      <role-name>ecourierGeneralPermission</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>CORE360 Web Services</realm-name>
  </login-config>
  <security-role>
    <description>The ecourierGeneralPermission role is a minimal, authentication-requiring role</description>
    <role-name>ecourierGeneralPermission</role-name>
  </security-role>
  <ejb-local-ref id="ecasServerEjb_08339416">
    <description>Session bean reference to Session_StoreManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/StoreManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.mail.ejb.local.StoreManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.mail.ejb.local.StoreManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#StoreManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_00577034">
    <description>Session bean reference to Session_ProxyStoreManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/ProxyStoreManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.mail.ejb.local.ProxyStoreManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.mail.ejb.local.ProxyStoreManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#ProxyStoreManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_08216865">
    <description>Session bean reference to Session_SiteManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/SiteManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.site.ejb.local.SiteManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.site.ejb.local.SiteManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#SiteManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_00855164">
    <description>Session bean reference to Session_DataInjection created by ecas_deploy</description>
    <ejb-ref-name>ejb/DataInjectionLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.DataInjectionLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.DataInjectionLocal</local>
    <ejb-link>ecasServerEjb.jar#DataInjection</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_02754531">
    <description>Session bean reference to Session_CodeLookup created by ecas_deploy</description>
    <ejb-ref-name>ejb/CodeLookupLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.CodeLookupLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.CodeLookupLocal</local>
    <ejb-link>ecasServerEjb.jar#CodeLookup</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_05410831">
    <description>Session bean reference to Session_DocumentManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/DocumentManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.DocumentManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.DocumentManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#DocumentManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_09841788">
    <description>Session bean reference to Session_Authenticate created by ecas_deploy</description>
    <ejb-ref-name>ejb/AuthenticateLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.auth.ejb.local.AuthenticateLocalHome</local-home>
    <local>com.aciworldwide.ecourier.auth.ejb.local.AuthenticateLocal</local>
    <ejb-link>ecasServerEjb.jar#Authenticate</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_00944633">
    <description>Session bean reference to Session_OperationsManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/OperationsManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.OperationsManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.OperationsManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#OperationsManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_06459275">
    <description>Session bean reference to Session_SelfServiceManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/SelfServiceManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.SelfServiceManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.SelfServiceManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#SelfServiceManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_01044676">
    <description>Session bean reference to Session_BulkOperationsManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/BulkOperationsManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.BulkOperationsManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.BulkOperationsManagerLocal</local>
    <ejb-link>ecasServerEjb.jar#BulkOperationsManager</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasServerEjb_07883725">
    <description>Session bean reference to Session_Certification created by ecas_deploy</description>
    <ejb-ref-name>ejb/CertificationLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.management.ejb.local.CertificationLocalHome</local-home>
    <local>com.aciworldwide.ecourier.management.ejb.local.CertificationLocal</local>
    <ejb-link>ecasServerEjb.jar#Certification</ejb-link>
  </ejb-local-ref>
  <ejb-local-ref id="ecasReportWebSphereServer_01779497">
    <description>Session bean reference to Session_ReportManager created by ecas_deploy</description>
    <ejb-ref-name>ejb/ReportManagerLocal</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <local-home>com.aciworldwide.ecourier.report.ejb.local.ReportManagerLocalHome</local-home>
    <local>com.aciworldwide.ecourier.report.ejb.local.ReportManagerLocal</local>
    <ejb-link>ecasReportWebSphereServer.jar#ReportManager</ejb-link>
  </ejb-local-ref>
</web-app>
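An added example, not part of the original message or of Axis2: a small Python audit for a DTD-style web.xml like the one attached above, reporting servlet mappings that no auth-constraint covers, roles used without a security-role declaration, and BASIC login without a transport guarantee. The `SAMPLE` descriptor and the `covers` and `audit` helpers are constructed for illustration, and constraints scoped by `http-method` are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: same element names as the attached web.xml, but the
# constraint is narrowed to /axis2-admin/* so the audit has a gap to report.
SAMPLE = """<web-app>
  <servlet-mapping><servlet-name>AxisServlet</servlet-name>
    <url-pattern>/services/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>AxisAdminServlet</servlet-name>
    <url-pattern>/axis2-admin/*</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>Admin</web-resource-name>
      <url-pattern>/axis2-admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>ecourierGeneralPermission</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def covers(constraint, mapping):
    """True if a constraint url-pattern protects every URL a mapping pattern serves."""
    if constraint in ("/*", mapping):
        return True
    if constraint.endswith("/*"):  # path-prefix pattern such as /services/*
        return mapping.startswith(constraint[:-1]) or mapping == constraint[:-2]
    return False

def audit(xml_text):
    """Return findings about the declarative security in a DTD-style web.xml."""
    root, findings = ET.fromstring(xml_text), []
    guarded = [sc for sc in root.findall("security-constraint")
               if sc.find("auth-constraint") is not None]
    patterns = [p.text.strip() for sc in guarded
                for p in sc.findall("web-resource-collection/url-pattern")]
    for m in root.findall("servlet-mapping"):
        url = m.findtext("url-pattern").strip()
        if not any(covers(c, url) for c in patterns):
            findings.append(f"unprotected mapping {url} ({m.findtext('servlet-name')})")
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    for r in root.findall("security-constraint/auth-constraint/role-name"):
        if r.text.strip() not in declared | {"*"}:
            findings.append(f"role {r.text.strip()} has no <security-role> declaration")
    method = root.findtext("login-config/auth-method")
    if guarded and method is None:
        findings.append("auth-constraint present but no <login-config>")
    if method == "BASIC" and any(
            sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
            == "NONE" for sc in guarded):
        findings.append("BASIC credentials accepted over plain HTTP")
    return findings
```

A descriptor that passes these checks only declares the policy: the container enforces it only when its application security is enabled and the role is bound to users or groups at deployment.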
