axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Chisholm" <>
Subject Basic Authorization: Password is ignored.
Date Thu, 25 Apr 2002 05:40:55 GMT

I would like to use Basic Authorization with Axis beta 1 running on Tomcat
4.0.3.  My operating system is Windows 2000.  I have a service that just
echoes a string back to the client.  If I point a browser at the service, I
will be asked for a User ID and Password, so it appears that Tomcat
understands what I am trying to do.  Unfortunately, Axis appears to allow
the Axis client to invoke the service even with an incorrect password.
Therefore, I assume that Axis is not aware of my intent to use Basic
Authorization.  I am new to Web Services and Axis so my error is probably
something very basic and obvious.

I added the following elements to the file

      <display-name>Apache-Axis Servlet</display-name>



       <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
       <!-- Anyone with one of the listed roles may access this area -->

    <realm-name>Protected Area</realm-name>

The deploy.wsdd file is as follows.

<deployment xmlns=""

 <service name="services/protect/MyService" provider="java:RPC">
  <parameter name="className" value="services/protect.MyService"/>
  <parameter name="allowedMethods" value="*"/>

The client sends the following SOAP Message.  Note: the password sent by the
client is not correct, but Axis invoked the service anyway.

POST /axis/servlet/AxisServlet HTTP/1.0

Content-Length: 525

Host: localhost

Content-Type: text/xml; charset=utf-8

Authorization: Basic TXlDdXN0b21lcjpYWFg=
SOAPAction: ""

<?xml version="1.0" encoding="UTF-8"?>
  <ns1:serviceMethod xmlns:ns1="services/protect/MyService">
   <arg1 xsi:type="xsd:string">Test</arg1>

I'm doing this test using the MemoryRealm.  The following is from

<Realm className="org.apache.catalina.realm.MemoryRealm" />

I added the following to %TOMCAT_HOME%/conf/tomcat-users.xml.

<user name="MyCustomer"   password="MyCustomer" roles="MyCustomer" />

I assume that I did not configure Axis correctly.  Is there an obvious error


View raw message