Basic authentication for web service not working for UserDatabaseRealm in Tomcat 6

Posted By:   anishu
Posted On:   Sunday, June 2, 2013 10:24 AM


I am using UserDatabaseRealm to perform basic authentication in Tomcat 6.
Basically, my app is a copy of the example provided at http://www.mkyong.com under the heading "Container Authentication with JAX-WS – (Tomcat version)".
However, my app fails to authenticate even when I provide the correct user name and password, as I get the authentication screen for accessing my service URL from the browser.
Strangely, however, when I use a client to call the service, it does not authenticate at all: no matter what I put as user name and password in the client, it always succeeds in calling the service.

Below are my web.xml, tomcat-users.xml and sun-jaxws.xml.

Here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
  version="3.0">
    <listener>
        <listener-class>
            com.sun.xml.ws.transport.http.servlet.WSServletContextListener
        </listener-class>
    </listener>
    <servlet>
        <servlet-name>user</servlet-name>
        <servlet-class>
            com.sun.xml.ws.transport.http.servlet.WSServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <security-role>
        <description>Normal operator user</description>
        <role-name>operator</role-name>
    </security-role>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Operator Roles Security</web-resource-name>
            <url-pattern>/user</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>operator</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Basic Authentication</realm-name>
    </login-config>

    <servlet-mapping>
        <servlet-name>user</servlet-name>
        <url-pattern>/user</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>120</session-timeout>
    </session-config>
</web-app>

Here is my tomcat-users.xml:

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="operator"/>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="mkyong" password="mkyong" roles="operator"/>
  <user name="admin" password="admin" roles="manager-gui"/>
</tomcat-users>

Here is my sun-jaxws.xml:

<?xml version="1.0" encoding="UTF-8"?>
<endpoints
  xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime"
  version="2.0">
  <endpoint
      name="User"
      implementation="com.mkyong.ws.UserProfileImpl"
      url-pattern="/user"/>
</endpoints>

 


Anirban
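
An added example, not part of the original post or of the mkyong.com tutorial: a static check over a web.xml like the one posted above that reports servlet mappings no auth-constraint covers, constraints limited to listed HTTP methods, and BASIC login without a CONFIDENTIAL transport guarantee. The embedded WEB_XML is a constructed, trimmed copy of the posted file; covers() and audit() are hypothetical helper names, and covers() handles only exact and path-prefix URL patterns.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the web.xml posted above.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Operator Roles Security</web-resource-name>
      <url-pattern>/user</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>operator</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <servlet-mapping><servlet-name>user</servlet-name><url-pattern>/user</url-pattern></servlet-mapping>
</web-app>"""

def covers(pattern, path):
    """Exact match, or path-prefix match: '/a/*' covers '/a' and '/a/b'."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def audit(web_xml):
    """Return findings for servlet mappings that are unprotected or weakly protected."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # drop the XML namespace prefix
    def text(el, path):
        return [(e.text or "").strip() for e in el.findall(path)]
    basic = "BASIC" in text(root, "login-config/auth-method")
    findings = []
    for mapping in text(root, "servlet-mapping/url-pattern"):
        hits = [c for c in root.findall("security-constraint")
                if any(covers(p, mapping)
                       for p in text(c, "web-resource-collection/url-pattern"))]
        if not any(c.find("auth-constraint") is not None for c in hits):
            findings.append(f"{mapping}: no auth-constraint covers this mapping")
        for c in hits:
            methods = text(c, "web-resource-collection/http-method")
            if methods:  # listing methods leaves every other method unconstrained
                findings.append(f"{mapping}: only {','.join(methods)} constrained by this security-constraint")
            tls = text(c, "user-data-constraint/transport-guarantee")
            if basic and "CONFIDENTIAL" not in tls:
                findings.append(f"{mapping}: transport-guarantee does not force TLS for BASIC credentials")
    return findings

if __name__ == "__main__":
    print(audit(WEB_XML))
```

A clean result only says the descriptor is consistent; whether the deployed endpoint actually answers an unauthenticated request with 401 still has to be confirmed against the running server.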