Any thoughts on this? has anyone been successful in getting this to work? Thanks, David
David Robison wrote:
I have a web service that provides both web pages via a servlet and also SOAP services. I use basic authentication for the web pages and that works fine. I want the SOAP services to use the same authentication.
I've added the following to my wsdd:
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
<handler type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
<handler type="java:org.apache.axis.handlers.JWSHandler">
<parameter name="scope" value="session"/>
</handler>
<handler type="java:org.apache.axis.handlers.JWSHandler">
<parameter name="scope" value="request"/>
<parameter name="extension" value=".jwr"/>
</handler>
<handler type="log"/>
</requestFlow>
</globalConfiguration>
I've also set the init-param in the web.xml
<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
<init-param>
<param-name>use-servlet-security</param-name>
<param-value>1</param-value> </init-param> </servlet>
And in the same file, I define the security constraints
<security-constraint> <web-resource-collection> <web-resource-name>SecurePages</web-resource-name> <description>Security for OpenIMACCS site</description> <url-pattern>*.event</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection>
<auth-constraint> <role-name>User</role-name> </auth-constraint>
<user-data-constraint> <description>SSL not required</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>
<login-config> <auth-method>BASIC</auth-method> </login-config>
<env-entry> <description>JNDI logging context for this webapp</description> <env-entry-name>log4j/logging-context</env-entry-name> <env-entry-value>OpenIMACCS</env-entry-value> <env-entry-type>java.lang.String</env-entry-type> </env-entry>
The realm is defined in the Server.xml as
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://localhost/OpenIMACCS"
connectionName="postgres" connectionPassword="postgres"
userTable="OpenIMACCS_users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="OpenIMACCS_user_roles" roleNameCol="role_name" />
However, when I try to call a SOAP service, I get the following error:
2964 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender - POST /OpenIMACCS/services/MIMOSAReg HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.2alpha
Host: localhost:8080
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 734
Authorization: Basic RGF2aWQ6Q29yaW5uZQ==
null
2974 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender - HTTP/1.1 401 Unauthorized
2974 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender - WWW-Authenticate Basic realm="AXIS"
It appears that the realm AXIS is incorrect. Am I reading it right? Any thoughts and ideas?
Thansk,
David Robison
--
David R Robison Open Roads Consulting, Inc. 708 S. Battlefield Blvd., Chesapeake, VA 23322 phone: (757) 546-3401 e-mail: [EMAIL PROTECTED] web: http://openroadsconsulting.com blog: http://therobe.blogspot.com
