Fw: Enable HTTP Basic Authentication for soap service

[Sandip Satpathy]

Hi,   Need some help to enable Basic HTTP Authentication for SOAP service (messaging). I am interested deploying the service in IBM WAS.   A article in http://www.soapuser.com/sb_02jul02.html explains about a possible approach to enable http basic authentication. It says use a modified provider instead of the default one, in this case "MsgJavaProvider.class". The trivial form of modified provider is written as follows:   /************MsgHTTPBasicAuthProvider.java***********************/ package mmssoap.soap.providers.jataayu ;   import java.io.* ; import javax.servlet.* ; import javax.servlet.http.* ; import org.apache.soap.* ; import org.apache.soap.rpc.* ; import org.apache.soap.server.* ; import org.apache.soap.server.http.* ; import org.apache.soap.util.* ; import org.apache.soap.encoding.soapenc.Base64;   public class MsgHTTPBasicAuthProvider implements Provider {     protected  DeploymentDescriptor dd ;     protected  Envelope             envelope ;     protected  Call                 call ;     protected  String               methodName ;     protected  String               targetObjectURI ;     protected  HttpServlet          servlet ;     protected  HttpSession          session ;     protected  Object               targetObject ;     public void locate( DeploymentDescriptor dd,  Envelope env, Call call, String methodName, String targetObjectURI, SOAPContext reqContext)      throws SOAPException {       HttpServlet servlet = (HttpServlet) reqContext.getProperty( Constants.BAG_HTTPSERVLET );       HttpSession session = (HttpSession) reqContext.getProperty( Constants.BAG_HTTPSESSION );       // BASIC AUTHENTICATION PART       {           HttpServletRequest rq = (HttpServletRequest) reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);           try {           String auth = rq.getHeader ("Authorization");           auth = auth.substring (auth.indexOf (" "));           String decoded = new String(Base64.decode(auth));           int i = decoded.indexOf (":");           String username = decoded.substring (0,i);           String password = decoded.substring (i+1, decoded.length ());           if (!fetchPasswordFromUser(username).equals(password))               throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed");           } catch (Exception e) {               System.err.println ("Authentication Information Not Found. ERROR [" + e.getMessage () + "]") ;               throw new SOAPException(Constants.FAULT_CODE_PROTOCOL, "Authentication failed");           }       }       System.err.println ("Authentication SUCCESSFUL") ;         this.dd              = dd ;       this.envelope        = env ;       this.call            = call ;       this.methodName      = methodName ;       this.targetObjectURI = targetObjectURI ;       this.servlet         = servlet ;       this.session         = session ;         ServletConfig  config  = servlet.getServletConfig();       ServletContext context = config.getServletContext ();       ServiceManager serviceManager =         ServerHTTPUtils.getServiceManagerFromContext (context);         // Default processing for 'java' and 'script' providers..  call on a valid method name?       if (!MessageRouter.validMessage (dd, methodName)) {         throw new SOAPException (Constants.FAULT_CODE_SERVER,  "Method '" + methodName + "' is not supported.");       }       // get at the target object       targetObject = ServerHTTPUtils.getTargetObject(serviceManager,  dd, targetObjectURI, servlet, session, reqContext, context);     };     public void invoke(SOAPContext reqContext, SOAPContext resContext)                throws SOAPException {   // invoke the method on the target object       try {         MessageRouter.invoke( dd, envelope, targetObject, methodName, reqContext, resContext ); // Line 149       }       catch( Exception e ) {         if ( e instanceof SOAPException ) throw (SOAPException ) e ;         e.printStackTrace( System.err) ;         throw new SOAPException( Constants.FAULT_CODE_SERVER, e.toString() );       }     };       public String fetchPasswordFromUser (String UserName)     {// expecting username and password to be same          return UserName ;     }; }; /************************** END *************************/   The service is deployed with changed Deployment desciptor: /************************** dds.xml **********************/ <root> <isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:mm7interface" type="message" checkMustUnderstands="false">    <isd:provider type="mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider" scope="Application" methods="MyMethod">      <isd:java class="mmssoap.server.Interface" static="false"/>    </isd:provider>    <isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListener></isd:service> </root>   /************************** END ************************/   Now when the client sends a request, the authentication is performed. However on success I am getting "ClassCastException"   <?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Server</faultcode> <faultstring>Exception from service object: mmssoap.server.MM7Interface</faultstring> <faultactor>/mm7soap/servlet/messagerouter</faultactor> <detail> <stackTrace>java.lang.ClassCastException: mmssoap.server.MM7Interface     at org.apache.soap.server.InvokeBSF.service(InvokeBSF.java:116)     at java.lang.reflect.Method.invoke(Native Method)     at org.apache.soap.server.MessageRouter.invoke(MessageRouter.java:68)     at mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider.invoke(MsgHTTPBasicAuthProvider.java:149)     at org.apache.soap.server.http.MessageRouterServlet.doPost(MessageRouterServlet.java:268)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)     at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(ServletManager.java:827)     at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(StrictLifecycleServlet.java:159)     :     :     : </stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>   Can some tell me what has gone wrong and how to fix it ?   Regards,   - Sandip                       ----- Original Message ----- From: Sandip Satpathy To: [EMAIL PROTECTED] Sent: Thursday, December 21, 2000 6:12 AM Subject: Enable Basic Authentication May be a off the track question.. Can some one help me ?   I have a soap application deployed in websphere 4.0. How can I enable "basic authentication" for all the HTTP request to "messagerouter" ?   So far I have tried following steps :(Steps as described in the advanced edition handbook) 1. in AAT right click on Web Module and select properties 2. select the "advanced" tab 3. select the "login configuration" check box. 4. Set the authentication method to "Basic" 5. Set the Realm Name to "mm7soap" 6. Save / Update the ear.   How ever after redeploying the service a GET request to the "messagerouter" from browser is not prompting me for user id and password.     Pls help.   Regards,   - sandip