Basic Authentication on a Web Service [WebSphere 7 for developer]
cyril...@axsionics.ch
I have a problem to active/configure the basic authentication on a web service. I explain me:
I have created a test web service very standard with the web service interface:
{code}@WebService(name="TestService_V1")
@SOAPBinding (style=Style.RPC)
public interface TestService_V1 {
@WebMethod
public String getParameter(@WebParam(name = "parameter") String parameter);
}{code}
and the web service endpoint:
{code}@Stateless
@WebService(endpointInterface = "webservice.TestService_V1", portName = "TestServicePort_V1", serviceName = "TestService_V1")
@DeclareRoles({"AXS_AuSP", "AXS_AA"})
public class TestEndpoint_V1 implements TestService_V1 {
@EJB
private TestManagerLocal test;
@RolesAllowed({"AXS_AA"})
public String getParameter(String parameter) {
return test.getParameter(parameter);
}
}{code}
You can see I want that only users in group AXS_AA could access my method getParameter.
Next I have create the ejb-jar.xml:
{code}
TestEndpoint_V1
Stateless
{code}
and the application.xml contains the security-roles.
You can see it is a very simple and standard web service nothing are special, etc..
Ok, next I have compiled classes and created the EAR file. After that I have used the tool *endptenabler myEAR.ear* to create the http_router for acceding the wsdl url. I don't have modify any descriptors created by this tool.
Finally I have deployed the EAR in WebSphere 7. All thing was running and I can access the wsdl url of the web service.
Then to active the security I have check the checkbox *Enable application security* of the *Global Security* with the administration console of Websphere and I have mapped an user to the group AXS_AA for my application.
Now is the problem:
I have created a very simple web service client with NetBeans:
{code}webservice.TestServiceV1_Service service = new webservice.TestServiceV1_Service();
webservice.TestServiceV1 port = service.getTestServicePortV1();
BindingProvider bp = (BindingProvider) port;
Map rc = bp.getRequestContext();
rc.put(BindingProvider.USERNAME_PROPERTY, "MYUSER");
rc.put(BindingProvider.PASSWORD_PROPERTY, "MYPASSWORD");
String result = port.getParameter("HelloWorld");{code}
You can see, first I access the web service and then I want to add to the requestContext the credential (username and password) to authenticate to the webservice but the authentication doesn't work and I become the following error:
{code}javax.xml.ws.soap.SOAPFaultException: java.rmi.AccessException: ; nested exception is:
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Bean)Test#Test.jar#TestEndpoint_V1 getParameter:java.lang.String:5 Sujet :
Principal : /UNAUTHENTICATED
Certificat public : com.ibm.ws.security.auth.WSCredentialImpl@508f508f
is not granted any of the required roles: AXS_AA
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:171)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:94)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:240)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
at $Proxy22.getParameter(Unknown Source)
at websphereclient.Main.main(Main.java:44)
{code}
Now I want to know how I can active/configure the basic authentication and send my credential to be able to access the web service method.
Just for information all thing I have done work correctly with JBoss, Sun Glassfish and Oracle WebLogic but I cannot find what I must to do for WebSphere.
Thanks in advance.
Cyrill