axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Gregg" <john.gr...@techarch.com>
Subject RE: Base security problem
Date Tue, 02 Jul 2002 13:48:59 GMT
It sounds like your web.xml file is not configured properly to require a
user to login before accessing your service.  You need a security-constraint
block in web.xml like this:

  <security-constraint>
    <display-name>MyService</display-name>
    <web-resource-collection>
      <web-resource-name>MyService's Protected Area</web-resource-name>
      <url-pattern>/axis/MyService.jws</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>someRole</role-name>
    </auth-constraint>
  </security-constraint>

Look at the servlet spec for more detailed information.  When your servlet
container sees someone trying to access this url, it will require login with
whatever method you specified.

john


-----Original Message-----
From: axis-user-return-4991-john.gregg=techarch.com@xml.apache.org
[mailto:axis-user-return-4991-john.gregg=techarch.com@xml.apache.org]On
Behalf Of Piotr Szymanski
Sent: Tuesday, July 02, 2002 8:27 AM
To: axis-user@xml.apache.org
Subject: RE: Base security problem


>Hi,
>after installing Tomcat, the MemoryRealm is set to default.
Yes. You are right (I have set to default), but why server don't extract
password from my client program?

I have simple class with method returned string "OK" - if called properly. I
save this class in main
folder of axis (%tomcat\webapps\axis\MyService.jws) with jws extension file.
When I invoking this class without set user and password properties in call
object I expecting that server will checking password during access to
instace this class. Unfortunately I getting response from my class. It is
meaning that I got
properly access to my class without any password and user!

What is wrong with my configuration. I think solution is simple.
How I can bolck access to my service?
Regards
Peter.





Mime
View raw message