axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Robison <drrobi...@openroadsconsulting.com>
Subject Re: Getting Tomcat Realm security working with Axis
Date Thu, 02 Dec 2004 22:02:52 GMT
I solved my own problem. In the <web-resource-collection> I needed to 
add a <url-pattern> for my SOAP service. I also hade to modify the 
<handler 
type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/> to 
define allowByDefault: as

              <handler 
type="java:org.apache.axis.handlers.SimpleAuthorizationHandler">
                  <parameter name="allowByDefault" value="true"/>
               </handler>

David

David Robison wrote:

> I have a web service that provides both web pages via a servlet and 
> also SOAP services. I use basic authentication for the web pages and 
> that works fine. I want the SOAP services to use the same authentication.
>
> I've added the following to my wsdd:
>
>     <globalConfiguration>
>        <requestFlow>
>            <handler 
> type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
>              <handler 
> type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
>               <handler type="java:org.apache.axis.handlers.JWSHandler">
>                <parameter name="scope" value="session"/>
>               </handler>
>               <handler type="java:org.apache.axis.handlers.JWSHandler">
>                <parameter name="scope" value="request"/>
>                <parameter name="extension" value=".jwr"/>
>               </handler>
>            <handler type="log"/>
>           </requestFlow>
>     </globalConfiguration>
>
> I've also set the init-param in the web.xml
>
>    <servlet>
>        <servlet-name>AxisServlet</servlet-name>
>        <display-name>Apache-Axis Servlet</display-name>
>        
> <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
>        <init-param>
>            <param-name>use-servlet-security</param-name>
>            <param-value>1</param-value>                  
> </init-param>      </servlet>
>
> And in the same file, I define the security constraints
>
>    <security-constraint>
>           <web-resource-collection>
>            <web-resource-name>SecurePages</web-resource-name>
>            <description>Security for OpenIMACCS site</description>
>            <url-pattern>*.event</url-pattern>
>            <http-method>POST</http-method>
>            <http-method>GET</http-method>
>           </web-resource-collection>
>
>        <auth-constraint>
>            <role-name>User</role-name>
>        </auth-constraint>
>
>        <user-data-constraint>
>            <description>SSL not required</description>
>            <transport-guarantee>NONE</transport-guarantee>
>        </user-data-constraint>
>    </security-constraint>
>
>    <login-config>
>        <auth-method>BASIC</auth-method>
>    </login-config>
>
>    <env-entry>
>        <description>JNDI logging context for this webapp</description>
>        <env-entry-name>log4j/logging-context</env-entry-name>
>        <env-entry-value>OpenIMACCS</env-entry-value>
>        <env-entry-type>java.lang.String</env-entry-type>
>    </env-entry>
>
> The realm is defined in the Server.xml as
>
>      <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>      driverName="org.postgresql.Driver"
>      connectionURL="jdbc:postgresql://localhost/OpenIMACCS"
>      connectionName="postgres" connectionPassword="postgres"
>        userTable="OpenIMACCS_users" userNameCol="user_name" 
> userCredCol="user_pass"
>        userRoleTable="OpenIMACCS_user_roles" roleNameCol="role_name" />
>
> However, when I try to call a SOAP service, I get the following error:
>
> 2964 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender  - 
> POST /OpenIMACCS/services/MIMOSAReg HTTP/1.0
> Content-Type: text/xml; charset=utf-8
> Accept: application/soap+xml, application/dime, multipart/related, text/*
> User-Agent: Axis/1.2alpha
> Host: localhost:8080
> Cache-Control: no-cache
> Pragma: no-cache
> SOAPAction: ""
> Content-Length: 734
> Authorization: Basic RGF2aWQ6Q29yaW5uZQ==
>
> null
> 2974 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender  - 
> HTTP/1.1 401 Unauthorized
> 2974 [Thread-13] DEBUG org.apache.axis.transport.http.HTTPSender  - 
> WWW-Authenticate Basic realm="AXIS"
>
>
> It appears that the realm AXIS is incorrect. Am I reading it right? 
> Any thoughts and ideas?
> Thansk,
> David Robison
>

-- 

David R Robison
Open Roads Consulting, Inc.
708 S. Battlefield Blvd., Chesapeake, VA 23322
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com



Mime
View raw message