JAX-RS handle multiple authentication mechanism - web-services

I'm learning JAX-RS using Jersey and deploy on JBoss EAP 6.3. I'm developing a test application that offers Webservices consumed by different clients. I correctly setted up the basic authentication system based on Roles and username/password (Realm correctly configured and UP&Running). Everything works fine when my client application consume the WS.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>testWS</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Realm</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Pages</web-resource-name>
<url-pattern>/test/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>role-admin</role-name>
</auth-constraint>
</security-constraint>
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan.providers</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan.resources</param-name>
<param-value>false</param-value>
</context-param>
<servlet>
<description>Admin test</description>
<servlet-name>Admin Servlet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.test.webservice.utils.AuthPackageClasses</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Admin Servlet</servlet-name>
<url-pattern>/test/*</url-pattern>
</servlet-mapping>
</web-app>
My second step is to consume the same webservices by a web dashboard which require a login form. My idea is to have a free WS to consume the login and return back some token inside the Cookie in the Response; the same token is stored in my Database.
Other WS must be consumed by the web dashboard injecting the Cookie and the server must validate the token stored in the Cookie.
How can I achieve to authenticate the User coming from two different authentication systems?
Should I redesign my whole authentication system and setup a listener:
if ther's a token in the Cookie -> validate the token
otherwise validate basic authentication
Is there a way to achieve this by configuring the web.xml?
What if I want to implement a third authentication system? My problem is to have the same context-root and validate the caller by different ways.

Related

JAX-WS multiple endpoints Not Found: Invalid Request

I'm trying implement a web service for two endpoints and getting this error
"404 Not Found: Invalid Request" when tried accessing the service after deploying onto the apache toncat 8.
Below are my web service implementation classes, sun-jaxws.xml and web.xml
WebImplementation1.java
package com.ws.soap.services;
import javax.jws.WebService;
#WebService(endpointInterface = "com.ws.soap.services.WebServiceImpl1")
public class WebServiceImpl1 {
public String printMessage() {
return "Hello from WebServiceImpl1 ";
}
}
WebServiceImplementation2.java
package com.ws.soap.services;
import javax.jws.WebService;
#WebService(endpointInterface = "com.ws.soap.services.WebServiceImpl2")
public class WebServiceImpl2 {
public String displayMessage() {
return "Hello from WebServiceImpl2 ";
}
}
sun-jaxws.xml
<?xml version="1.0" encoding="UTF-8"?>
<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime"
version="2.0">
<endpoint name="WebServiceImpl1" implementation="com.ws.soap.services.WebServiceImpl1"
url-pattern="/impl1" />
<endpoint name="WebServiceImpl2" implementation="com.ws.soap.services.WebServiceImpl2"
url-pattern="/impl2" />
</endpoints>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>JAX-WS-Tomcat</display-name>
<listener>
<listener-class>
com.sun.xml.ws.transport.http.servlet.WSServletContextListener
</listener-class>
</listener>
<servlet>
<servlet-name>sayhello</servlet-name>
<servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>sayhello</servlet-name>
<url-pattern>/impl1</url-pattern>
<url-pattern>/impl2</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
Using the exact code supplied (plus the JAX-WS RI jars downloaded from https://jax-ws.java.net/), I was able to create a webapp and successfully access the service endpoints /impl1 and /impl2. Be advised the <url-pattern> and <endpoint ... url-pattern="/impl1"> directives state the resource path to the JAX-WS endpoints within the context path of the enclosing web application.
So, if the name of the webapp is MyWebServices (MyWebServices.war with no other files/code than described in the post, deployed to Tomcat 8) and you have <url-pattern>/impl1</url-pattern> in web.xml, and with a default Tomcat instance listening on port 8080, your web service endpoint would be http://localhost:800/MyWebServices/impl1 with the WSDL available via http://localhost:800/MyWebServices/impl1?wsdl
If you want to customize your context path of your webapp (e.g. you don't want /MyWebServices/... you can use the techniques described in this SO question.
For example, my local Tomcat 8 is running on port 8081:

Spring MVC app with SOAP web service using WSSpringServlet

I have created a simple Spring MVC web application and trying to expose the services as SOAP based JAX-WS services using JAX-WS commons RI implementation.
After deploying my application on Tomcat 7, when I try accessing my web service, I get a message as 404 Not Found: Invalid Request. Below are my configurations, kindly help in resolving this.
web.xml
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes SOAP Web Service requests -->
<servlet>
<servlet-name>jaxws-servlet</servlet-name>
<servlet-class>com.sun.xml.ws.transport.http.servlet.WSSpringServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jaxws-servlet</servlet-name>
<url-pattern>/ws/*</url-pattern>
</servlet-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
WEB-INF/spring/appServlet/servlet-context.xml
<beans:bean id="customerService" class="com.home.service.CustomerService" />
<!-- Web Service definition -->
<beans:bean id="customerWS" class="com.home.ws.CustomerWS">
<beans:property name="customerService" ref="customerService" />
</beans:bean>
<wss:binding url="/ws/CustomerServ">
<wss:service>
<ws:service bean="#customerWS" />
</wss:service>
</wss:binding>
CustomerWS.java
#WebService
#SOAPBinding(style = Style.DOCUMENT, use = Use.LITERAL)
public class CustomerWS {
private CustomerService customerService;
#WebMethod
public Customer read(long id) {
return customerService.read(id);
}
public void setCustomerService(CustomerService customerService) {
this.customerService = customerService;
}
}
CustomerService.java
#Service
public class CustomerService {
public Customer read(long id) {
Customer cust = null;
System.out.println("CustomerService.read invoked");
return cust;
}
}
pom.xml - included the dependency of jaxws-spring
<dependency>
<groupId>org.jvnet.jax-ws-commons.spring</groupId>
<artifactId>jaxws-spring</artifactId>
<version>1.9</version>
</dependency>
There are no errors while building or deploying the application. When I access the URL, still I see no errors in the server log files. However, the browser displays the message - 404 Not Found: Invalid Request
URL I am trying is - http://localhost:8080/crrs/ws/CustomerServ?wsdl
If I access my HomeController, it works fine. Home page is loaded as expected.
Appreciate any help. Thanks in advance.
I'm trying to do the same thing. My code is almost the same, I'm just using #Name and #Inject instead of #Service.
Just added extends SpringBeanAutowiringSupport to the #WebService class and it's working
The servlet mappings in the web.xml seem to be the cause.
<servlet-mapping>
<servlet-name>jaxws-servlet</servlet-name>
<url-pattern>/ws/*</url-pattern>
</servlet-mapping>
[...]
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
The spring DispatcherServlet named appServlet takes care of all urls after http://localhost:8080/crrs, even http://localhost:8080/crrs/ws/CustomerServ?wsdl.
The WSSpringServlet url-pattern cannot be reached.

Deploying java web application with javadoc as welcome-file

I have created java web application. When i deploy my applicaton to server using tomcat7, i want to deploy my javadoc as welcome-file so when i go to root directory of app i want to see reference. But instead tomcate gives lots of 404 error. Here is my project structure;
And my web.xml is;
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>ServletAdaptor</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<description>Multiple packages, separated by semicolon(;), can be specified in param-value</description>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>org.elhan.usermanager</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ServletAdaptor</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>javadoc/index.html</welcome-file>
</welcome-file-list>
</web-app>
How can i fix this?
nevermind. I solved the problem by moving javadoc contents to "Web Pages" directory. And in the web.xml file i changed javadoc/index.html with index.htmland deployed it. It works.

How to the Change URL Patern so that it can access normal JSP also

This is my web.xml for my webservices developed using Apache CXF project
As a result of this url pattern , even if i want to access a small HTMl page using
http:localhost:8080/ZTWeb/Test.html
This si result in No Service Found ( As i guess each and every request is being treated as Web service itself )
Please tell me how to resolve this , Means how can i access the HTML pages . JSP pages inside the web application
<web-app>
<servlet>
<display-name>CXF Servlet</display-name>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>
org.apache.cxf.transport.servlet.CXFServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>*</url-pattern>
</servlet-mapping>
</web-app>
Map the CXF Servlet to another location, for example /services/*

Is it a REST web service?

I am working on a legacy application which have a .war with following structure (and I want to add my servlet in this war)
myApp.war
- axis2-web (Downloaded from http://ws.apache.org/axis2/download/1_1/download.cgi)
- META-INF
-- MANIFEST.MF
- WEB-INF
-- classes (But it don't have any `.class` file , it have `log4j.properties` file)
-- conf (Contains `axis2.xml`)
-- lib (contains many jars)
-- modules
-- services (Some `.aar` files)
-- web.xml
Here is the web.xml file
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>Apache-Axis2</display-name>
<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>
org.apache.axis2.transport.http.AxisServlet</servlet-class>
<!--<init-param>-->
<!--<param-name>axis2.xml.path</param-name>-->
<!--<param-value>/WEB-INF/conf/axis2.xml</param-value>-->
<!--<param-name>axis2.xml.url</param-name>-->
<!--<param-value>http://localhot/myrepo/axis2.xml</param-value>-->
<!--<param-name>axis2.repository.path</param-name>-->
<!--<param-value>/WEB-INF</param-value>-->
<!--<param-name>axis2.repository.url</param-name>-->
<!--<param-value>http://localhot/myrepo</param-value>-->
<!--</init-param>-->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>AxisRESTServlet</servlet-name>
<display-name>Apache-Axis Servlet (REST)</display-name>
<servlet-class>
org.apache.axis2.transport.http.AxisRESTServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>AxisAdminServlet</servlet-name>
<display-name>Apache-Axis AxisAdmin Servlet (REST)</display-name>
<servlet-class>
org.apache.axis2.transport.http.AxisAdminServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AxisRESTServlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/servlet/AxisServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>*.jws</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisAdminServlet</servlet-name>
<url-pattern>/axis2-admin/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>/axis2-web/index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>404</error-code>
<location>/axis2-web/Error/error404.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/axis2-web/Error/error500.jsp</location>
</error-page>
</web-app>
Is it a REST web service ? I Googled and found some tutorials on REST which says REST services have services.xml file but I couldn't find it in my application. I want to integrate my servlet in above war so what will be the right way to do it ?
PS: Please let me know if I am missing anything.
As I understand RESTFUL WS approach that the it has a traditional http request and response with get ,post ,put or delete operations directly passed to the web service and so the response doesn't have any special format (JSON-RPC,SOAP) .
For example , if we write simple code some-service.jsp and put this code on our server
the restful tells us to call the service using any http client passing it the required params
and then we will get the service response .
Now if your application meets this , it would be RESTful .
Note : there are no any specific implementation techniques for REST it is just a WS approach
hope this would help you