First for webservices you don't want to use basic authentication... you want to use ws-security standard. And I experienced the same frustration that you are having... how do you integrate axis2 security into the containers security sandbox... as far as I can tell you can't. It appears that once you authenticated your web service with rampart module, you would then have to trigger the websphere security framework which would reauthenticate with these credentials and thereby produce a JAAS subject such that your business logic could use.
Otherwise, you go down the road of using basic authentication so that websphere can drive the authentication process implicilty... this is servlet based authentication and not web service based authentication. I think you need to use the native websphere web service stack to do what you want. Please correct me if I am wrong. > -----Original Message----- > From: Chris Rose [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 06, 2008 4:25 PM > To: [email protected] > Subject: WebSphere 6.1 security and Axis2 > > I am trying to deploy axis2 on WebSphere Application Server 6.1 in an > enterprise application that contains additional EJB jars. I am able to > invoke the web services with no difficulty (I can set breakpoints > inside their implementations and see logging from our service > implementation) so -- for the record -- Axis2 seems to be working as > advertised. > > However, I have a problem, and I am hoping that someone with experience > with Axis2 and WebSphere can point me down the path to fixing it. > > Our session beans -- to which we delegate for business logic from the > web service facade -- require that the user be authenticated in the > container. Not only is that a security concern, but we extract custom > credentials from the Subject in order to do the work. > > The web services, however, despite my best effort, cannot be made to > require authentication. I am not using ws-security, I am attempting to > simply use HTTP basic authentication for the web application, but > nothing I do can provoke WebSphere to provide me with a password > request dialog for any of the servlets. I am testing this by > navigating in a web browser to the service listing page, which simply > bypasses all of the login modules defined in WEB_INBOUND in the > container. > > Attached is the web.xml from the final, deployed axis2 WAR file. I > would dearly like to know why this does not result in my being required > to provide a password. If anyone can help me, I would be very > grateful. > > > -- > Chris Rose > Developer Planet Consulting Group > (780) 577-8433 > [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
