JbossWS username authentication not working
bkenison Feb 26, 2010 12:59 PMI am having trouble getting my webservice to authenticate the username/password sent in the wsse header. I am using Pramod's example code. The service works just fine, it returns the expected "Hello: Pramod" string. However, it works regardless of what username/password is sent. So obviously, the authentication is not happening. I have looked all over for a solution and can't figure out where the problem is. Any suggestions would be greatly appreciated as I need to put some level of security on this webservice. The users of this service aren't very techo-savvy, so I'd prefer not to require them to use a certificate. Username/password is just what we want.
Using Jboss 4.2.3.GA
login-config.xml (located in jboss/server/default/conf):
<application-policy name="JBossWS">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
jbossws-users.properties (located in jboss/server/default/conf/props):
# A sample users.properties file for use with the UsersRolesLoginModule
kermit=thefrog
jboss-wsse-server.xml:
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<timestamp ttl="300"/>
<requires>
<username/>
</requires>
</config>
</jboss-ws-security>
Service:
@Stateless
@WebService
(name="TestWSEJB",
targetNamespace = "http://localhost:8080/uttestservice",
serviceName = "TestWSEJBService")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SecurityDomain("JBossWS")
public class TestWSEJB {
@Resource
WebServiceContext wsContext;
@WebMethod
public String ping (String name)
{
MessageContext msgCtx = (MessageContext)wsContext.getMessageContext();
try
{
System.out.println(msgCtx);
SOAPMessage soapMessage = ((SOAPMessageContext)msgCtx).getMessage();
soapMessage.writeTo(System.out);
System.out.println("");
} catch (Exception se) { se.printStackTrace();}
return "Hello : " + name;
}
}
jboss-wsse-client.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<username />
</config>
</jboss-ws-security>
Client Interface:
/**
* This class was generated by the JAX-WS RI.
* JAX-WS RI 2.1.1-b03-
* Generated source version: 2.0
*
*/
@WebService(name = "TestWSEJB", targetNamespace = "http://localhost:8080/uttestservice")
public interface TestWSEJB {
/**
*
* @param arg0
* @return
* returns java.lang.String
*/
@WebMethod
@WebResult(targetNamespace = "")
@RequestWrapper(localName = "ping", targetNamespace = "http://localhost:8080/uttestservice", className = "test.Ping")
@ResponseWrapper(localName = "pingResponse", targetNamespace = "http://localhost:8080/uttestservice", className = "test.PingResponse")
public String ping(
@WebParam(name = "arg0", targetNamespace = "")
String arg0);
}
Client Test:
public class TestWSClient {
public static void main(String[] args) {
try {
TestWSClient client = new TestWSClient();
client.doTest(args);
} catch(Exception e) {
e.printStackTrace();
}
}
public void doTest(String[] args) {
try {
URL url = new URL("http://localhost:8080/uttestservice?wsdl");
QName qn = new QName("http://localhost:8080/uttestservice","TestWSEJBService");
Service s = Service.create(url, qn);
TestWSEJB port = s.getPort(TestWSEJB.class);
URL securityURL = new File("jboss-wsse-client.xml").toURL();
((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
((StubExt)port).setConfigName("Standard WSSecurity Client");
((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermitabc");;
((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrogdef");;
System.out.println("Invoking the sayHello operation on the port.");
String response = port.ping("Pramod") ;
System.out.println(response);
} catch(Exception e) {
e.printStackTrace();
}
}
}