axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Chisholm" <danchish...@attbi.com>
Subject Basic Authorization: Password is ignored.
Date Thu, 25 Apr 2002 05:40:55 GMT

I would like to use Basic Authorization with Axis beta 1 running on Tomcat
4.0.3.  My operating system is Windows 2000.  I have a service that just
echoes a string back to the client.  If I point a browser at the service, I
will be asked for a User ID and Password, so it appears that Tomcat
understands what I am trying to do.  Unfortunately, Axis appears to allow
the Axis client to invoke the service even with an incorrect password.
Therefore, I assume that Axis is not aware of my intent to use Basic
Authorization.  I am new to Web Services and Axis so my error is probably
something very basic and obvious.

I added the following elements to the file
%TOMCAT_HOME%\webapps\axis\WEB-INF\web.xml

  <servlet>
      <servlet-name>AxisServletProtected</servlet-name>
      <display-name>Apache-Axis Servlet</display-name>

<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
  </servlet>

    <servlet-mapping>
      <servlet-name>AxisServletProtected</servlet-name>
      <url-pattern>services/protect/*</url-pattern>
    </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
       <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
       <url-pattern>/services/protect/*</url-pattern>
       <http-method>DELETE</http-method>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
       <!-- Anyone with one of the listed roles may access this area -->
       <role-name>MyCustomer</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Protected Area</realm-name>
  </login-config>


The deploy.wsdd file is as follows.

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

 <service name="services/protect/MyService" provider="java:RPC">
  <parameter name="className" value="services/protect.MyService"/>
  <parameter name="allowedMethods" value="*"/>
 </service>
</deployment>

The client sends the following SOAP Message.  Note: the password sent by the
client is not correct, but Axis invoked the service anyway.


POST /axis/servlet/AxisServlet HTTP/1.0

Content-Length: 525

Host: localhost

Content-Type: text/xml; charset=utf-8

Authorization: Basic TXlDdXN0b21lcjpYWFg=
SOAPAction: ""



<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
 <SOAP-ENV:Body>
  <ns1:serviceMethod xmlns:ns1="services/protect/MyService">
   <arg1 xsi:type="xsd:string">Test</arg1>
  </ns1:serviceMethod>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I'm doing this test using the MemoryRealm.  The following is from
%TOMCAT_HOME%/conf/server.xml.

<Realm className="org.apache.catalina.realm.MemoryRealm" />


I added the following to %TOMCAT_HOME%/conf/tomcat-users.xml.

<user name="MyCustomer"   password="MyCustomer" roles="MyCustomer" />

I assume that I did not configure Axis correctly.  Is there an obvious error
here?

Dan


Mime
View raw message