[JBoss-user] How to secure SOAP services

Thu, 06 Jun 2002 13:35:21 -0700 

Hello,

I have a problem with SOAP security using JBoss 3.0 and I hope you can help
me:

I have a secured EJB and I deployed a few of its methods as web services.
All my non web service calls worked as expected, i.e. users are
authenticated and authorized.  However, I could not get it to work from a
soap call in a client java program:

            URL url = new URL
("http://localhost:8080/soap/servlet/rpcrouter";);
            SOAPHTTPConnection http = new SOAPHTTPConnection();
            http.setUserName("bruce");
            http.setPassword("arthur");
            Call call = new Call();
            call.setSOAPTransport(http);
            call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
            call.setTargetObjectURI ("urn:ApplianceDiscovery");
            call.setMethodName ("getAllAppliances");
            Response resp = call.invoke(url, "" );

I kept getting principal = null.  Since my client app is not a web
application, where should I put my web.xml?  It looks like this:

<web-app>

  <servlet>
    <servlet-name>rpcrouter</servlet-name>
 
<servlet-class>org.apache.soap.server.http.RPCRouterServlet</servlet-class>
    <init-param>
        <param-name>faultListener</param-name>
        <param-value>org.apache.soap.server.DOMFaultListener</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>rpcrouter</servlet-name>
    <url-pattern>/soap/rpcrouter</url-pattern>
  <servlet-mapping>

  <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Trafalgar Application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
       <role-name>Managers</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-constraint>
  </security-constraint>

  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Trafalgar Application</realm-name>
  </login-config>

  <security-role>
    <role-name>Managers</role-name>
  </security-role>

</web-app>

Thanks in advance,
Fee


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to