axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Rose <>
Subject WebSphere 6.1 security and Axis2
Date Wed, 06 Feb 2008 21:25:28 GMT
I am trying to deploy axis2 on WebSphere Application Server 6.1 in an 
enterprise application that contains additional EJB jars.  I am able to 
invoke the web services with no difficulty (I can set breakpoints inside 
their implementations and see logging from our service implementation) 
so -- for the record -- Axis2 seems to be working as advertised.

However, I have a problem, and I am hoping that someone with experience 
with Axis2 and WebSphere can point me down the path to fixing it.

Our session beans -- to which we delegate for business logic from the 
web service facade -- require that the user be authenticated in the 
container.  Not only is that a security concern, but we extract custom 
credentials from the Subject in order to do the work.

The web services, however, despite my best effort, cannot be made to 
require authentication.  I am not using ws-security, I am attempting to 
simply use HTTP basic authentication for the web application, but 
nothing I do can provoke WebSphere to provide me with a password request 
dialog for any of the servlets.  I am testing this by navigating in a 
web browser to the service listing page, which simply bypasses all of 
the login modules defined in WEB_INBOUND in the container.

Attached is the web.xml from the final, deployed axis2 WAR file.  I 
would dearly like to know why this does not result in my being required 
to provide a password.  If anyone can help me, I would be very grateful.

Chris Rose
Developer    Planet Consulting Group
(780) 577-8433

View raw message