Title: EJB Authentication
|
I use
the default BeanDeserializer. I am attaching the Client code and also the
generated code for this bean.
Thanks,
Ramesh.
can you post your client code and deserializer code?
-----Original Message-----
From: Bobba, Ramesh
[mailto:[EMAIL PROTECTED]
Sent: Thu 3/4/2004 11:01 AM
To: '[EMAIL PROTECTED]'
Cc:
Subject:
RE: EJB Authentication
Hi,
I
got this working (kinda) in the sense that the server works fine. It
executes the ejb methods and returns a soap message (according to what I see
in the logs), but on the client side I get an AxisFault saying: Dose anyone
know why? I have all the generated client side classes in the class path! I
am also attaching the client code.
Thanks,
Ramesh.
org.xml.sax.SAXException: Deserializing parameter
'findDeviceReturn': could not find deserializer for type
{http://values.oampAdapter.insignia.com}FindDeviceResponse
at
org.apache.axis.message.RPCHandler.onStartChild(RPCHandler.java:302)
at
org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:963)
at
org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:198)
at
org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:722)
at
org.apache.axis.message.RPCElement.deserialize(RPCElement.java:233)
at
org.apache.axis.message.RPCElement.getParams(RPCElement.java:347)
at
org.apache.axis.client.Call.invoke(Call.java:2272)
at
org.apache.axis.client.Call.invoke(Call.java:2171)
at
org.apache.axis.client.Call.invoke(Call.java:1691)
at GetInfo.main(GetInfo.java:147)
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: org.xml.sax.SAXException: Deserializing parameter
'findDeviceReturn': could not find deserializer for
type
{http://values.oampAdapter.insignia.com}FindDeviceResponse
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: org.xml.sax.SAXException:
Deserializing parameter 'findDeviceReturn': could not find
deserializer for type
{http://values.oampAdapter.insignia.com}FindDeviceResponse
at
org.apache.axis.message.RPCHandler.onStartChild(RPCHandler.java:302)
at
org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:963)
at
org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:198)
at
org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:722)
at
org.apache.axis.message.RPCElement.deserialize(RPCElement.java:233)
at
org.apache.axis.message.RPCElement.getParams(RPCElement.java:347)
at
org.apache.axis.client.Call.invoke(Call.java:2272)
at
org.apache.axis.client.Call.invoke(Call.java:2171)
at
org.apache.axis.client.Call.invoke(Call.java:1691)
at GetInfo.main(GetInfo.java:147)
Hi Ramesh,
I think you may need to add a <security-constraint> section to
the web.xml. The Weblogic console is quite good for playing about with
things like this (unfortunately I'm away from the office at the
moment). I also find Sun's DTD for web.xml a good reference for
things like this.
Basically, think of the Axis URLs as requiring username/password
authentication just as if they were standard HTML or JSP pages and secure
them using the deployment descriptor. Then the EJB access should work just
as you expected.
Hope this helps
Keith
-----Original Message-----
From: Bobba,
Ramesh [mailto:[EMAIL PROTECTED]
Sent: Thu
04/03/2004 16:59
To: '[EMAIL PROTECTED]'
Cc:
Subject: RE: EJB Authentication
Hi Keith,
I am using Weblogic right now (we also plan to support
websphere). I am a bit confused about what you mean by - replicating EJB
security constraints on the Axis servlet. Are you talking about adding
the
<security-role><role-name>somerole</role-name></security-role>
elements?
Thanks,
Ramesh.
Hi Ramesh,
What app server are you using now?
I've had authentication working using Axis on Weblogic and
JBoss in the past, though I do remember it was more complicated than I
expected. The call.setUsername() and call.setPassword() approach looks
fine from what I remember, but maybe that information is not being
passed on to the EJB container.
I seem to remember that what worked best was replicating the EJB
security constraints on the Axis servlet - i.e. adding them to
web.xml. That way, when the Axis EJB provider asks for an
InitialContext to do its lookup, it automatically presents the right
username/password settings to the EJB container.
Hope this helps
Keith
-----Original Message-----
From: Bobba,
Ramesh [mailto:[EMAIL PROTECTED]
Sent: Thu
04/03/2004 00:49
To: Axis-User (E-mail)
Cc:
Subject: EJB Authentication
Hi,
I get an java.rmi.AccessException
exception because the EJBs that the
WebService implementation
class is trying to use are username/password
protected. We were
using weblogic and with that, the client was able to
authenticate
by making
call:
call.setProperty("javax.xml.rpc.security.auth.username",
"username");
call.setProperty("javax.xml.rpc.security.auth.password",
"password");
I tried using both
the
call.setProperty(Call.USERNAME_PROPERTY,
"username")/call.setProperty(Call.PASSWORD_PROPERTY,
"password)
and
also
call.setUsername("username")/call.setPassword("password")
but
both don't seem to work as I still keep getting the
AccessException:
Security Violation User '<anonymous>' has
insufficient permission to access
EJB
Does anyone know how
to get around this
problem?
Thanks,
Ramesh.
|
GetInfo.java
Description: Binary data
FindDeviceResponse.java
Description: Binary data
