Glassfish, EJB3, SOAP Web Service and Basic Authentication

I am creating a GlassFish server with one EJB3 as the focus for a POC. Everything worked fine until I added basic authentication. Just a plain-text user ID and password, nothing complicated for this job. I added the following annotations to the EJB:

@WebService(name = "Banking", serviceName = "Banking", targetNamespace = BANKING_NAMESPACE)
@DeclareRoles("user")
@Stateless
public class Banking {
    ...

    @RolesAllowed("user")
    @SOAPBinding(parameterStyle = ParameterStyle.BARE)
    @WebMethod(action = BANKING_NAMESPACE + "/logon", operationName = "logon")
    @WebResult(targetNamespace = XmlStrings.BANKING_MODEL_NAMESPACE)
    public LogonResponse logon(@WebParam(targetNamespace = XmlStrings.BANKING_MODEL_NAMESPACE) Logon request) throws WebServiceException {
        ...
    }
}

According to what I read in the EJB3 specification, this is pretty often used for a SOAP web service.

However, when I submit this xml:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://www.dhcbank.com/banking/model">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken wsu:Id="UsernameToken-79" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsse:Username>fred</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">fred</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <mod:logon/>
    </soapenv:Body>
</soapenv:Envelope>

I get the following error as a SOAP error:

java.lang.Exception: Client not authorized for invocation of public com.dhcbank.www.banking.schema.LogonResponse com.dhcbank.www.banking.Banking.logon(com.dhcbank.www.banking.schema.Logon) throws javax.xml.ws.WebServiceException

And in the GlassFish log:

[#|2010-10-10T12:49:27.497+1100|INFO|glassfish3.0.1|javax.enterprise.system.core.security|_ThreadID=41;_ThreadName=http-thread-pool-8080-(2);|JACC Policy Provider: Failed Permission Check, context(BankingEAR/Banking_war_internal)- permission((javax.security.jacc.EJBMethodPermission Banking logon,ServiceEndpoint,com.dhcbank.www.banking.schema.Logon))|#]

In the Glassfish admin screens, I added the user fred with the password fred and assigned it to user groups. But that did not work.

I read a few more articles that suggested creating the sun-ejb-jar.xml file and adding it to the ear file. So I created it with this content:

<sun-ejb-jar>
    <enterprise-beans>
        <ejb>
            <ejb-name>Banking</ejb-name>
            <webservice-endpoint>
                <port-component-name>Banking</port-component-name>
                <login-config>
                    <auth-method>BASIC</auth-method>
                    <realm>file</realm>
                </login-config>
            </webservice-endpoint>
        </ejb>
    </enterprise-beans>
</sun-ejb-jar>

, . , , port-component-name. , .

, , . - , ?

+3
2

, "" - ? :

<sun-ejb-jar>
   <security-role-mapping>
     <role-name>user</role-name>
     <group-name>filerealm-group-name</group-name>
   </security-role-mapping>
   ...
+2

, HTTP- . , SOAP, JAX-WS-, JAX-WS FAQ :

Q. JAX-WS?

:

HelloService service = new HelloService();
Hello proxy = (service.getHelloPort());
((BindingProvider)proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "userfoo");
((BindingProvider)proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "passbar");

USERNAME_PROPERTY, PASSWORD_PROPERTY . , , WSDL 401. .

  • java.net.Authenticator .
  • WSDL . jax-ws.
  • web.xml, GET .

, usernametoken , - SOAP, .

, BASIC.

.

+1
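
Added example (not part of the original thread or the posters' code): `<auth-method>BASIC</auth-method>` means HTTP Basic authentication, which is read from the HTTP `Authorization` header, while a WS-Security UsernameToken travels inside the SOAP envelope. This Python helper inspects a raw request and reports which of the two it carries; the sample request, its placeholder path and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # fine for this constructed sample; use defusedxml on untrusted captures

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

def basic_header(user, password):
    """Authorization header value for HTTP Basic (RFC 7617)."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def credentials_in_request(raw_request):
    """Report which user, if any, each mechanism names in a raw HTTP request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    found = {"http_basic": None, "username_token": None}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        scheme, _, token = value.strip().partition(" ")
        if name.strip().lower() == "authorization" and scheme.lower() == "basic":
            found["http_basic"] = base64.b64decode(token).decode("utf-8").partition(":")[0]
    path = f"{{{SOAPENV}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken/{{{WSSE}}}Username"
    user = ET.fromstring(body).find(path)
    if user is not None:
        found["username_token"] = user.text
    return found

def diagnose(raw_request):
    """Classify the request against a login-config of auth-method BASIC."""
    found = credentials_in_request(raw_request)
    if found["http_basic"]:
        return "http_basic"           # credentials are in the HTTP header BASIC reads
    if found["username_token"]:
        return "username_token_only"  # credentials are only inside the SOAP envelope
    return "none"

# Constructed sample modelled on the envelope in the question.
TOKEN_HEADER = (f'<soapenv:Header><wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
                "<wsse:Username>fred</wsse:Username><wsse:Password>fred</wsse:Password>"
                "</wsse:UsernameToken></wsse:Security></soapenv:Header>")

def sample_request(soap_header="", http_auth=None):
    """Build a constructed raw request (not a capture); the path is a placeholder."""
    lines = ["POST /placeholder-endpoint HTTP/1.1", "Content-Type: text/xml; charset=utf-8"]
    if http_auth:
        lines.append("Authorization: " + http_auth)
    body = (f'<soapenv:Envelope xmlns:soapenv="{SOAPENV}" '
            'xmlns:mod="http://www.dhcbank.com/banking/model">'
            f"{soap_header}<soapenv:Body><mod:logon/></soapenv:Body></soapenv:Envelope>")
    return "\r\n".join(lines) + "\r\n\r\n" + body
```

`diagnose(sample_request(soap_header=TOKEN_HEADER))` returns `username_token_only`, and `diagnose(sample_request(http_auth=basic_header("fred", "fred")))` returns `http_basic`.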

Source: https://habr.com/ru/post/1768809/

