Getting Tomcat Realm security working with Axis

Tue, 30 Nov 2004 11:00:53 -0800

I have a web service that provides both web pages via a servlet and also SOAP services. I use basic authentication for the web pages and that works fine. I want the SOAP services to use the same authentication.

I've added the following to my wsdd:

<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
<handler type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
<handler type="java:org.apache.axis.handlers.JWSHandler">
<parameter name="scope" value="session"/>
</handler>
<handler type="java:org.apache.axis.handlers.JWSHandler">
<parameter name="scope" value="request"/>
<parameter name="extension" value=".jwr"/>
</handler>
<handler type="log"/>
</requestFlow>
</globalConfiguration>

I've also set the init-param in the web.xml

<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
<init-param>
<param-name>use-servlet-security</param-name>
<param-value>1</param-value> </init-param> </servlet>

And in the same file, I define the security constraints

   <security-constraint>
          <web-resource-collection>
           <web-resource-name>SecurePages</web-resource-name>
           <description>Security for OpenIMACCS site</description>
           <url-pattern>*.event</url-pattern>
           <http-method>POST</http-method>
           <http-method>GET</http-method>
          </web-resource-collection>

       <auth-constraint>
           <role-name>User</role-name>
       </auth-constraint>

       <user-data-constraint>
           <description>SSL not required</description>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <login-config>
       <auth-method>BASIC</auth-method>
   </login-config>

   <env-entry>
       <description>JNDI logging context for this webapp</description>
       <env-entry-name>log4j/logging-context</env-entry-name>
       <env-entry-value>OpenIMACCS</env-entry-value>
       <env-entry-type>java.lang.String</env-entry-type>
   </env-entry>

The realm is defined in the Server.xml as

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://localhost/OpenIMACCS"
connectionName="postgres" connectionPassword="postgres"
userTable="OpenIMACCS_users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="OpenIMACCS_user_roles" roleNameCol="role_name" />

However, when I try to call a SOAP service, I get the following error:

2964 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender - POST /OpenIMACCS/services/MIMOSAReg HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.2alpha
Host: localhost:8080
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 734
Authorization: Basic RGF2aWQ6Q29yaW5uZQ==

null
2974 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender - HTTP/1.1 401 Unauthorized
2974 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender - WWW-Authenticate Basic realm="AXIS"


It appears that the realm AXIS is incorrect. Am I reading it right? Any thoughts and ideas?
Thansk,
David Robison

--

David R Robison
Open Roads Consulting, Inc.
708 S. Battlefield Blvd., Chesapeake, VA 23322
phone: (757) 546-3401
e-mail: [EMAIL PROTECTED]
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com

Reply via email to