G'day all,

I'm trying to expose an EJB3 stateless session bean as a webservice, and I'm 
running into problems with authentication. If I leave all security 
considerations out, the bean exposes nicely, and I can interact with it using 
soapUI or a standalone Java client. However, when I start trying to add 
declarative security, things start falling over.

I have specified a security domain for the SEI, using the 
@SecurityDomain("myDomain") annotation. I've also modified the 
conf/login-config.xml file to include the following entry for this domain (I've 
also created the user and role files as specified):

    <application-policy name="webcrawler">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
          <module-option name="usersProperties">props/webcrawler-users.properties</module-option>
          <module-option name="rolesProperties">props/webcrawler-roles.properties</module-option>
          <!--<module-option name="unauthenticatedIdentity">anonymous</module-option>-->
        </login-module>
      </authentication>
    </application-policy>

The unauthenticatedIdentity line worked as advertised; however, I commented it 
out since I really don't want unauthenticated access.

As near as I can tell, since I'm using annotations, this should be sufficient 
to set up the server to authenticate access (my web methods are unchecked to 
keep things simple; however, I'm using the getCallerPrincipal().getName() and 
isUserInRole() methods to test authentication).

This is where things start to get confused. I guess I have two questions:

1) Is it possible to authenticate on a per-request basis, or is it necessary to 
establish a login context on the client side somehow and export it to the 
server? The reason I ask is that I'd like to do load-testing using soapUI, 
which only seems to support per-request information by attaching 
username/password information as request headers to the SOAP message.

2) What would be the simplest way to authenticate a standalone client, not 
running inside an app-server? My current client-side approach involves 
including and compiling wstools-generated stubs, then using the following code 
to establish a connection:

    import java.net.MalformedURLException;
    import java.net.URL;
    import javax.xml.namespace.QName;
    import javax.xml.rpc.Service;
    import javax.xml.rpc.ServiceException;
    import javax.xml.rpc.ServiceFactory;

    // The statements below run inside the client's method.
    // Locate the WSDL published by the deployed endpoint.
    URL url = null;
    try {
        url = new URL("http://localhost:8080/crawler/WatchListManager?wsdl");
    } catch (MalformedURLException e) {
        e.printStackTrace();
    }
    QName qname = new QName(
        "http://servercontroller.application.server.webcrawler.thedistillery.com.au/jaws",
        "WatchListManagerInterfaceService");
    ServiceFactory factory = null;
    Service service = null;
    try {
        factory = ServiceFactory.newInstance();
        service = factory.createService(url, qname); // create service
    } catch (ServiceException se) {
        System.out.println("Couldn't create service");
    }

    // Obtain the port through the wstools-generated interface.
    WatchListManagerInterface cm = null;
    try {
        cm = (WatchListManagerInterface) service.getPort(WatchListManagerInterface.class);
    } catch (ServiceException e1) {
        e1.printStackTrace();
    }

Apologies if I'm missing something really basic, but I've been slamming my head 
against a wall for days now. :) Any help would be extremely appreciated.

James

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3995174#3995174
