RE: Enable HTTP Basic Authentication for soap service

Tue, 01 Jun 2004 05:28:52 -0700

Try using Axis rather than Apache SOAP:

http://ws.apache.org/axis

 

Anne

 

From: Sandip Satpathy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 01, 2004 3:15 AM
To: [EMAIL PROTECTED]
Subject: Fw: Enable HTTP Basic Authentication for soap service

 

Hi,

 

Need some help to enable Basic HTTP Authentication for SOAP service (messaging). I am interested deploying the service in IBM WAS.

 

A article in http://www.soapuser.com/sb_02jul02.html explains about a possible approach to enable http basic authentication.

It says use a modified provider instead of the default one, in this case "MsgJavaProvider.class".

The trivial form of modified provider is written as follows:

 

/************MsgHTTPBasicAuthProvider.java***********************/

package mmssoap.soap.providers.jataayu ;

 

import java.io.* ;
import javax.servlet.* ;
import javax.servlet.http.* ;
import org.apache.soap.* ;
import org.apache.soap.rpc.* ;
import org.apache.soap.server.* ;
import org.apache.soap.server.http.* ;
import org.apache.soap.util.* ;
import org.apache.soap.encoding.soapenc.Base64;

 

public class MsgHTTPBasicAuthProvider implements Provider {
    protected  DeploymentDescriptor dd ;
    protected  Envelope             envelope ;
    protected  Call                 call ;
    protected  String               methodName ;
    protected  String               targetObjectURI ;
    protected  HttpServlet          servlet ;
    protected  HttpSession          session ;

    protected  Object               targetObject ;

    public void locate( DeploymentDescriptor dd,  Envelope env, Call call, String methodName, String targetObjectURI, SOAPContext reqContext) 

    throws SOAPException {

      HttpServlet servlet = (HttpServlet) reqContext.getProperty( Constants.BAG_HTTPSERVLET );
      HttpSession session = (HttpSession) reqContext.getProperty( Constants.BAG_HTTPSESSION );

      // BASIC AUTHENTICATION PART
      {
          HttpServletRequest rq = (HttpServletRequest) reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
          try {
          String auth = rq.getHeader ("Authorization");
          auth = auth.substring (auth.indexOf (" "));
          String decoded = new String(Base64.decode(auth));
          int i = decoded.indexOf (":");
          String username = decoded.substring (0,i);
          String password = decoded.substring (i+1, decoded.length ());
          if (!fetchPasswordFromUser(username).equals(password))
              throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed");
          } catch (Exception e) {
              System.err.println ("Authentication Information Not Found. ERROR [" + e.getMessage () + "]") ;
              throw new SOAPException(Constants.FAULT_CODE_PROTOCOL, "Authentication failed");
          }
      }
      System.err.println ("Authentication SUCCESSFUL") ;

 

      this.dd              = dd ;
      this.envelope        = env ;
      this.call            = call ;
      this.methodName      = methodName ;
      this.targetObjectURI = targetObjectURI ;
      this.servlet         = servlet ;
      this.session         = session ;

 

      ServletConfig  config  = servlet.getServletConfig();
      ServletContext context = config.getServletContext ();
      ServiceManager serviceManager =
        ServerHTTPUtils.getServiceManagerFromContext (context);

 

      // Default processing for 'java' and 'script' providers..  call on a valid method name?
      if (!MessageRouter.validMessage (dd, methodName)) {
        throw new SOAPException (Constants.FAULT_CODE_SERVER,  "Method '" + methodName + "' is not supported.");
      }

      // get at the target object
      targetObject = ServerHTTPUtils.getTargetObject(serviceManager,  dd, targetObjectURI, servlet, session, reqContext, context);
    };
    public void invoke(SOAPContext reqContext, SOAPContext resContext)
               throws SOAPException {   // invoke the method on the target object
      try {
        MessageRouter.invoke( dd, envelope, targetObject, methodName, reqContext, resContext ); // Line 149
      }
      catch( Exception e ) {
        if ( e instanceof SOAPException ) throw (SOAPException ) e ;
        e.printStackTrace( System.err) ;
        throw new SOAPException( Constants.FAULT_CODE_SERVER, e.toString() );
      }
    };

 

    public String fetchPasswordFromUser (String UserName)
    {// expecting username and password to be same 
        return UserName ;
    };
};
/************************** END *************************/

 

The service is deployed with changed Deployment desciptor:

/************************** dds.xml **********************/

<root>
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:mm7interface" type="message" checkMustUnderstands="false">
   <isd:provider type="mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider" scope="Application" methods="MyMethod">
     <isd:java class="mmssoap.server.Interface" static="false"/>
   </isd:provider>
   <isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListener></isd:service>
</root>  

/************************** END ************************/

 

Now when the client sends a request, the authentication is performed. However on success I am getting "ClassCastException"

 

<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Exception from service object: mmssoap.server.MM7Interface</faultstring>
<faultactor>/mm7soap/servlet/messagerouter</faultactor>
<detail>
<stackTrace>java.lang.ClassCastException: mmssoap.server.MM7Interface
    at org.apache.soap.server.InvokeBSF.service(InvokeBSF.java:116)
    at java.lang.reflect.Method.invoke(Native Method)
    at org.apache.soap.server.MessageRouter.invoke(MessageRouter.java:68)
    at mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider.invoke(MsgHTTPBasicAuthProvider.java:149)
    at org.apache.soap.server.http.MessageRouterServlet.doPost(MessageRouterServlet.java:268)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(ServletManager.java:827)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(StrictLifecycleServlet.java:159)
    :

    :

    :

</stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>

 

Can some tell me what has gone wrong and how to fix it ?

 

Regards,

 

- Sandip

 

 

 

 

 

 

 

 

 

 

 

----- Original Message -----

Sent: Thursday, December 21, 2000 6:12 AM

Subject: Enable Basic Authentication

 

May be a off the track question..

Can some one help me ?

 

I have a soap application deployed in websphere 4.0. How can I enable "basic authentication" for all the HTTP request to "messagerouter" ?

 

So far I have tried following steps :(Steps as described in the advanced edition handbook)

1. in AAT right click on Web Module and select properties

2. select the "advanced" tab

3. select the "login configuration" check box.

4. Set the authentication method to "Basic"

5. Set the Realm Name to "mm7soap"

6. Save / Update the ear.

 

How ever after redeploying the service a GET request to the "messagerouter" from browser is not prompting me for user id and password.

 

 

Pls help.

 

Regards,

 

- sandip

Reply via email to