Asankha C. Perera wrote:
I was trying the example pointed out at : http://wso2.org/library/2989 with WSAS 2.1Is there any way for me to enable basic auth with http (NOT https - I don't care if the password can be decrypted)?
You cannot enforce basic authentication on services with WSAS.However we can easily implement this with a simple handler. (Basically we can re-factor the POXSecurityHandler to do the job [1].)
Also note that once I enable UT auth on https, the service no longer works on http and the REST call
HTTPS/BasicAuth enforcement in the REST interface of a service is a by product of applying HTTPS/UsernameToken authentication policy on that service. That policy enforces the use of HTTPS only and when the policy is assigned the HTTP transport will be disabled on that service.
"http://localhost:9762/services/echo/echoString?in=WSO2WSASRocks!!!"; results in the message "<ns:echoStringResponse xmlns:ns="http://echo.services.wsas.wso2.org";><return xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:nil="true" /></ns:echoStringResponse>" (not a denied error code or fault with a meaningful message)
IMHO this is the msg cached in your browser. I just tested this and I get the following response:
<Exception> org.apache.axis2.AxisFault: Authentication Failureat org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:162)
at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
at
org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:125)
at
org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:119)
at
org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:799)
at
org.wso2.wsas.transport.WSASServlet.handleRestRequest(WSASServlet.java:149)
at org.wso2.wsas.transport.WSASServlet.doGet(WSASServlet.java:138)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.wso2.adminui.AdminUIServletFilter.doFilter(AdminUIServletFilter.java:142)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
</Exception>
Thanks,
Ruchith
[1]
https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Wsas-java-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/wsas-java-dev
