On Oct 31, 2007, at 9:37 AM, Neerup wrote:


Hi...

I'm creating webservices with JAX-WS and deploying them to a Geronimo2
server..
These webservices need a name and a password for calling some business logic.

Today I'm just making the 2 first parameters user and password, and this works, but not a very pretty interface for a webservice, so I want to use
Basic Auth.

I can configure this by creating a Custom LoginModule and Principals and use
them.. and this works.
But I still need the password for my business logic.

I'm curious as to why. This is AFAIK rather unusual. If you need to propagate the credentials from the caller on to some other service you call that may well be possible without involving your business logic.

How do I get the password from the basic auth for my businesslogic in my
webservices ?

You need to

1. put the password into the Subject as a private credential. We have a couple ways to do this such as the org.apache.geronimo.security.jaas.NamedUPCredentialLoginModule or if you are sure you will never supply other credentials the org.apache.geronimo.security.jaas.UPCredentialLoginModule. We have some stuff set up so you can specify a NamedUsernamePasswordCredential by name from the Subject when you call a further web service.

2. in your code that needs the credentials, get the subject by calling (Subject)javax.security.jacc.PolicyContext.getContext("javax.security.auth.Subject.container"); and looking in the private credentials for the one installed by the login module.

I tried using the @Resource with WebserviceContext but a call to
context.getUserPrincipal() just returns a JAASTomcatPrincipal not my own
Custom Principal so no password :(

Is there any way I can deploy the Custom LoginModule jar within the war/ear?

that should work without problems, what is happening that you ask?

thanks
david jencks


Can anybody help me ?




Current config:

web.xml:
...
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Protected</web-resource-name>
                        <url-pattern>/*</url-pattern>
                        <http-method>GET</http-method>
                        <http-method>POST</http-method>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>manager</role-name>
                </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>thn</realm-name>
        </login-config>
...

Geronimo-web.xml:
...
    <security-realm-name>thn</security-realm-name>
    <security>
        <default-principal realm-name="thn">
            <principal class="dk.eg.login.MyPrincipal" name="nobody"/>
        </default-principal>
        <role-mappings>
            <role role-name="manager">
                <realm realm-name="thn">
                  <!--<principal class="dk.eg.login.MyPrincipal" name="system" designated-run-as="true"/> -->
                  <principal class="dk.eg.login.MyGroupPrincipal" name="manager" designated-run-as="true"/>
                </realm>
            </role>
        </role-mappings>
    </security>
...

Geronimo-application.xml:
    <dep:gbean name="ttt"
               class="org.apache.geronimo.security.realm.GenericSecurityRealm"
               xsi:type="dep:gbeanType"
               xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <dep:attribute name="realmName">thn</dep:attribute>
        <dep:reference name="ServerInfo">
            <dep:name>ServerInfo</dep:name>
        </dep:reference>
        <dep:xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>thn</log:login-domain-name>
                    <log:login-module-class>dk.eg.login.MyLoginModule</log:login-module-class>
                </log:login-module>
            </log:login-config>
        </dep:xml-reference>
    </dep:gbean>


--
View this message in context: http://www.nabble.com/Basic-Auth-passwords-in-webservices-tf4726213s134.html#a13513287
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
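
The two steps in the reply above (store the password in the Subject as a private credential, then read it back where it is needed), as an added example that is not part of the original thread and is not Geronimo code. UpCredential, storeCredential and passwordFor are hypothetical stand-ins for what a login module such as UPCredentialLoginModule installs, and the Subject is constructed locally so the example runs on a plain JDK.

```java
import java.util.Arrays;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectPasswordDemo {

    /** Hypothetical stand-in for the credential object a login module stores. */
    static final class UpCredential {
        private final String username;
        private final char[] password;
        UpCredential(String username, char[] password) {
            this.username = username;
            this.password = password.clone();   // own copy; caller may wipe theirs
        }
        String getUsername() { return username; }
        char[] getPassword() { return password.clone(); }
    }

    /** Step 1: what a login module's commit() does after a successful login. */
    static void storeCredential(Subject subject, String user, char[] pw) {
        subject.getPrivateCredentials().add(new UpCredential(user, pw));
    }

    /** Step 2: typed lookup; returns null when no such credential was installed. */
    static char[] passwordFor(Subject subject) {
        if (subject == null) return null;       // unauthenticated call
        Set<UpCredential> creds = subject.getPrivateCredentials(UpCredential.class);
        return creds.isEmpty() ? null : creds.iterator().next().getPassword();
    }

    public static void main(String[] args) {
        // In the container the Subject would come from
        // PolicyContext.getContext("javax.security.auth.Subject.container");
        // here it is constructed (sample values) so no app server is needed.
        Subject subject = new Subject();
        storeCredential(subject, "alice", "s3cret-constructed".toCharArray());

        char[] pw = passwordFor(subject);
        try {
            System.out.println("password available: " + (pw != null));
            // hand pw to the business logic here; never log or persist it
        } finally {
            if (pw != null) Arrays.fill(pw, '\0');  // wipe the working copy
        }
        // The password is not exposed through the public credential set.
        System.out.println("public credentials: " + subject.getPublicCredentials().size());
    }
}
```

When a security manager is active, the code reading the private credentials also needs a matching PrivateCredentialPermission grant.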