Securing SOAP webservice, wildfly, authentication error - web-services

I've got a jax-ws webservice which I need to secure. When I start wildfly everything seems to load nicely, but when I try to send a request via SOAPUI tool, the server returns Error with body element - unauthorized. Relevant parts of code below.
Webservice itself:
#WebService
#Stateless
#RolesAllowed("testrole")
#SecurityDomain("test-domain")
public class Test {
#WebMethod
#WebResult(name = "HelloResponse")
public String sayHello(#WebParam(name = "username") String name) {
return "Hello " + name;
}
}
standalone.xml:
<security-domain name="test-domain" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.UserRolesLoginModule"
flag="required">
<module-option name="userProperties" value="test-domain-users.properties" relative-to="jboss.server.config.dir"/>
<module-option name="rolesProperties" value="test-domain-roles.properties" relative-to="jboss.server.config.dir"/>
</login-module>
</authentication>
</security-domain>
jboss-web.xml:
<jboss-web>
<security-domain>test-domain</security-domain>
</jboss-web>
test-domain-users.properties and test-domain-roles.properties look like this:
testuser=testpassword, testuser=testrole

Related

CXF Code First SOAP Web Service Endpoint Protocol

I am implementing a Code first cxf web service. How does cxf decide the soap:address part of generated wsdl ? Is it using the hostname from the deployed machine ?
Also, can I change the endpoint protocol from http to https programmatically or by-configuration on the deployed application ?
You can use Spring for this.
you must create an impl for the interface service.
#WebService(endpointInterface = "com.services.MyAwesomeService")
public class MyAwesomeServiceImpl implements MyAwesomeService {
#Override
public String sayHi(String text) {
return "Hello " + text;
}
}
And config vía Spring.
#Configuration
public class ServiceConfig {
#Bean(name = Bus.DEFAULT_BUS_ID)
public SpringBus springBus() {
return new SpringBus();
}
#Bean(name = "myAwesomeService")
public MyAwesomeServiceImpl myAwesomeService() {
return new MyAwesomeServiceImpl();
}
#Bean
public Endpoint endpoint() {
EndpointImpl endpoint = new EndpointImpl(springBus(), myAwesomeService());
endpoint.publish("/MyAwesomeService");
return endpoint;
}
}
After doing this. You will have your service published in the path /MyAwesomeService.
To configure the HTTPS protocol, I recommend you configure it in the application container (Tomcat) or dedicated front (Apache, F5, etc.)

auth-constraint - role-name - user - ignored

I am trying to learn about authentication in JAX-WS, so I made a small Netbeans8.0.2/Glassfish4.1 web application with a JAX-WS webservice, and I am trying to make it not public, but available to authorized users only.
The web.xml file for this webservice contains:
<security-constraint>
<web-resource-collection>
<web-resource-name>Fib Web Service</web-resource-name>
<url-pattern>/FibServiceWithAuth/*</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
However, when I make another simple web app that is using this service,
it works without any authentication required, see here:
http://kempelen.ii.fmph.uniba.sk:8080/FibApp/
I understand that I should connect to the service from the JSF managed bean that handles this JSF page like this:
package fibapp;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceRef;
#ManagedBean
#RequestScoped
public class FibBean
{
public FibBean() { }
int n;
String result;
public int getN() { return n; }
public void setN(int newN) { n = newN; }
public String getResult() { return result; }
public void setResult(String newResult) { result = newResult; }
#WebServiceRef(wsdlLocation = "http://kempelen.ii.fmph.uniba.sk:8080/FibServiceWithAuth/FibWithAuth?wsdl")
private FibWithAuth_Service fibService;
public void compute()
{
FibWithAuth fib = fibService.getFibWithAuthPort();
// ((BindingProvider) fib).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "someuser");
// ((BindingProvider) fib).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "somepass");
result = fib.fib(n).toString();
}
}
but even when those user/pass lines are commented out, the bean still gets the result from the webservice.
What is missing, please?
In looking at your WSDL (as specified in your managed bean's #WebServiceRef), the endpoint of the service is
<soap:address
location="http://kempelen.ii.fmph.uniba.sk:8080/FibServiceWithAuth/FibWithAuth"/>
which means your web service resource is /FibWithAuth.
However, your web.xml <security-constraint> url is
<url-pattern>/FibServiceWithAuth/*</url-pattern>
I think you want to change this to
<url-pattern>/FibWithAuth/*</url-pattern>
If you truly want to add the security constraint to the entire FibServiceWithAuth web application, then your <security-constraint> url pattern would be /*.
Lastly, I think you'll also want to change
<http-method>*</http-method>
to
<http-method>POST</http-method>
so that your managed bean can access the WSDL via GET request (per your #WebServiceRef annotation) without authentication.

JBoss: Web service client not connecting (HTTP 404 error)

I am a beginner in JBoss.
I am making a database application that uses JPA. For exposing the same I have to expose a SOAP based web service. I followed the basic JBoss tutorial
http://docs.jboss.org/tools/4.1.0.Final/en/ws_soap_reference/html/topdown.html#bottomupws
to create a web service.
To consume the web service I created a client using the following tutorial.
http://docs.jboss.org/tools/4.1.0.Final/en/ws_soap_reference/html/client.html
But when I am executing this client I am getting a 404 error. The exact same issue is reported on the JBoss community
https://community.jboss.org/thread/164471?tstart=0
My Webservice bean looks something like this:
#WebService(name = "Management", targetNamespace = "http://www.example.org/Management")
public class Management {
#PersistenceContext
private EntityManager em;
#EJB(name = "ejb/ar/ClientEjb", mappedName = "ejb/ar/ClientEjb")
ClientRegistration clientReg;
#WebMethod(action = "http://www.example.org/Management/getAccount")
#WebResult(name = "getAccountResponse", partName = "getAccountResponse")
public String getAccount(
#WebParam(name = "getAccountRequest", partName = "getAccountRequest") String param) {
return "account-56789012354349";
}
#WebMethod(action = "http://www.example.org/Management/addClient")
public List<Client> addClient
(#WebParam(name = "clientId", partName = "clientId") long clientId ){
//For time being let's forget this method.
return null;
}
}
The web.xml has:
<servlet>
<display-name>Management</display-name>
<servlet-name>Management</servlet-name>
<servlet-class>org.jboss.tools.examples.service.Management</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Management</servlet-name>
<url-pattern>/Management</url-pattern>
</servlet-mapping>
The Management.wsdl has:
<wsdl:service name="ManagementService">
<wsdl:port name="ManagementPort" binding="tns:ManagementServiceSoapBinding">
<soap:address location="http://localhost:9090/Management"/>
</wsdl:port>
</wsdl:service>
The ClientSample.java is:
public class ClientSample {
public static void main(String[] args) {
System.out.println("***********************");
System.out.println("Create Web Service Client...");
ManagementService service1 = new ManagementService();
System.out.println("Create Web Service...");
Management port1 = service1.getManagementPort();
System.out.println("Call Web Service Operation...");
System.out.println("Server said: " + port1.getAccount(null));
System.out.println("Server said: " + port1.addClient(0));
//Please input the parameters instead of 'null' for the upper method!
System.out.println("Create Web Service...");
Management port2 = service1.getManagementPort();
System.out.println("Call Web Service Operation...");
System.out.println("Server said: " + port2.addClient(Long.parseLong(args[1])));
System.out.println("Server said: " + port2.getAccount(null));
//Please input the parameters instead of 'null' for the upper method!
System.out.println("***********************");
System.out.println("Call Over!");
}
}
Exception is like below:
***********************
Create Web Service Client...
Create Web Service...
Call Web Service Operation...
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 404: Not Found
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:196)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:168)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:138)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:110)
at com.sun.proxy.$Proxy29.getAccount(Unknown Source)
at org.jboss.tools.examples.service.jaxws.clientsample.ClientSample.main(ClientSample.java:20)
I feel this may be because the service is not getting published, but I can't find I way to publish it.
I am using jboss-as-7.1.0.Final Runtime Server.
Note: Just to see if my Client code is correct I published the bean using
Endpoint.publish("http://localhost:9090/Management", new org.jboss.tools.examples.service.Management());
in the client code itself. The web service could be hit, but this is not in the application context of my application.

Creating client for web service

I have deployed a simple hello service in jboss server. I can view the wsdl file. Can someone help me with the client side. I mean how to access this service? Is there any way to access from web browser? Method deployed is
#WebMethod
public String greet( #WebParam(name = "name")
String name )
{
return "Hello" + name;
}
Try to know what is the wsdl url to access the service which you have just exposed. It might most probably be something like "http://localhost: < port-number >/ems-ejb/?wsdl"
If you type the same in the browser, you should be able to see the wsdl file (page with full of xml tags).
Once done, follow the steps provided here
Example on how to call the method once client stub is generated
String endpoint = "your wsdl url";
GreetImplServiceLocator objGreetImplServiceLocator = new GreetImplServiceLocator();
java.net.URL url = new java.net.URL(endpoint);
GreetIntf objGreetIntf = objGreetImplServiceLocator.getFaultImplPort(url);
String greetings=objFaultIntf.greet("stackoverflow");

Netbeans Basic Http Auth Jax-WS

how can I access a webservice through a basic http authentification? I am using the netbeans built in webservice client features. But when I try to access the webservice, I get an exception with a 401 auth failed error message.
How can I pass the right username and password?
Thank you!
You could use BindingProvider or WSBindingProvider class to access a Web Service through a basic http authentification.
The code is as follows.
XxxService service = new XxxService();
Xxx port = service.getXxxPort();
Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext();
reqContext.put(BindingProvider.USERNAME_PROPERTY, "username");
reqContext.put(BindingProvider.PASSWORD_PROPERTY, "password");
You can also provide your own Authenticator. That way it will work even if the WDSL itself is protected by basic HTTP authentication.
#WebServiceRef(wsdlLocation = "https://laka/sito?wsdl")
static XxxService service;
public static void main(String[] args) {
Authenticator.setDefault(new Authenticator() {
#Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("user", "password".toCharArray());
}
});
service = new XxxService();
Xxx port = service.getXxxPort();
// invoke webservice and print response
XxxResponse resp = port.foo();
System.out.println(resp.toString());
}