You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@ws.apache.org by Sandip Satpathy <sa...@jataayusoft.com> on 2004/06/01 09:15:10 UTC
Fw: Enable HTTP Basic Authentication for soap service
Hi,
Need some help to enable Basic HTTP Authentication for SOAP service (messaging). I am interested deploying the service in IBM WAS.
A article in http://www.soapuser.com/sb_02jul02.html explains about a possible approach to enable http basic authentication.
It says use a modified provider instead of the default one, in this case "MsgJavaProvider.class".
The trivial form of modified provider is written as follows:
/************MsgHTTPBasicAuthProvider.java***********************/
package mmssoap.soap.providers.jataayu ;
import java.io.* ;
import javax.servlet.* ;
import javax.servlet.http.* ;
import org.apache.soap.* ;
import org.apache.soap.rpc.* ;
import org.apache.soap.server.* ;
import org.apache.soap.server.http.* ;
import org.apache.soap.util.* ;
import org.apache.soap.encoding.soapenc.Base64;
public class MsgHTTPBasicAuthProvider implements Provider {
protected DeploymentDescriptor dd ;
protected Envelope envelope ;
protected Call call ;
protected String methodName ;
protected String targetObjectURI ;
protected HttpServlet servlet ;
protected HttpSession session ;
protected Object targetObject ;
public void locate( DeploymentDescriptor dd, Envelope env, Call call, String methodName, String targetObjectURI, SOAPContext reqContext)
throws SOAPException {
HttpServlet servlet = (HttpServlet) reqContext.getProperty( Constants.BAG_HTTPSERVLET );
HttpSession session = (HttpSession) reqContext.getProperty( Constants.BAG_HTTPSESSION );
// BASIC AUTHENTICATION PART
{
HttpServletRequest rq = (HttpServletRequest) reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
try {
String auth = rq.getHeader ("Authorization");
auth = auth.substring (auth.indexOf (" "));
String decoded = new String(Base64.decode(auth));
int i = decoded.indexOf (":");
String username = decoded.substring (0,i);
String password = decoded.substring (i+1, decoded.length ());
if (!fetchPasswordFromUser(username).equals(password))
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed");
} catch (Exception e) {
System.err.println ("Authentication Information Not Found. ERROR [" + e.getMessage () + "]") ;
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL, "Authentication failed");
}
}
System.err.println ("Authentication SUCCESSFUL") ;
this.dd = dd ;
this.envelope = env ;
this.call = call ;
this.methodName = methodName ;
this.targetObjectURI = targetObjectURI ;
this.servlet = servlet ;
this.session = session ;
ServletConfig config = servlet.getServletConfig();
ServletContext context = config.getServletContext ();
ServiceManager serviceManager =
ServerHTTPUtils.getServiceManagerFromContext (context);
// Default processing for 'java' and 'script' providers.. call on a valid method name?
if (!MessageRouter.validMessage (dd, methodName)) {
throw new SOAPException (Constants.FAULT_CODE_SERVER, "Method '" + methodName + "' is not supported.");
}
// get at the target object
targetObject = ServerHTTPUtils.getTargetObject(serviceManager, dd, targetObjectURI, servlet, session, reqContext, context);
};
public void invoke(SOAPContext reqContext, SOAPContext resContext)
throws SOAPException { // invoke the method on the target object
try {
MessageRouter.invoke( dd, envelope, targetObject, methodName, reqContext, resContext ); // Line 149
}
catch( Exception e ) {
if ( e instanceof SOAPException ) throw (SOAPException ) e ;
e.printStackTrace( System.err) ;
throw new SOAPException( Constants.FAULT_CODE_SERVER, e.toString() );
}
};
public String fetchPasswordFromUser (String UserName)
{// expecting username and password to be same
return UserName ;
};
};
/************************** END *************************/
The service is deployed with changed Deployment desciptor:
/************************** dds.xml **********************/
<root>
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:mm7interface" type="message" checkMustUnderstands="false">
<isd:provider type="mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider" scope="Application" methods="MyMethod">
<isd:java class="mmssoap.server.Interface" static="false"/>
</isd:provider>
<isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListener></isd:service>
</root>
/************************** END ************************/
Now when the client sends a request, the authentication is performed. However on success I am getting "ClassCastException"
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Exception from service object: mmssoap.server.MM7Interface</faultstring>
<faultactor>/mm7soap/servlet/messagerouter</faultactor>
<detail>
<stackTrace>java.lang.ClassCastException: mmssoap.server.MM7Interface
at org.apache.soap.server.InvokeBSF.service(InvokeBSF.java:116)
at java.lang.reflect.Method.invoke(Native Method)
at org.apache.soap.server.MessageRouter.invoke(MessageRouter.java:68)
at mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider.invoke(MsgHTTPBasicAuthProvider.java:149)
at org.apache.soap.server.http.MessageRouterServlet.doPost(MessageRouterServlet.java:268)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(ServletManager.java:827)
at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(StrictLifecycleServlet.java:159)
:
:
:
</stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
Can some tell me what has gone wrong and how to fix it ?
Regards,
- Sandip
----- Original Message -----
From: Sandip Satpathy
To: soap-user@ws.apache.org
Sent: Thursday, December 21, 2000 6:12 AM
Subject: Enable Basic Authentication
May be a off the track question..
Can some one help me ?
I have a soap application deployed in websphere 4.0. How can I enable "basic authentication" for all the HTTP request to "messagerouter" ?
So far I have tried following steps :(Steps as described in the advanced edition handbook)
1. in AAT right click on Web Module and select properties
2. select the "advanced" tab
3. select the "login configuration" check box.
4. Set the authentication method to "Basic"
5. Set the Realm Name to "mm7soap"
6. Save / Update the ear.
How ever after redeploying the service a GET request to the "messagerouter" from browser is not prompting me for user id and password.
Pls help.
Regards,
- sandip
Re: Enable HTTP Basic Authentication for soap service
Posted by Scott Nichol <sn...@scottnichol.com>.
This is a bug in MessageRouter. Its invoke method has the line
if (providerType == DeploymentDescriptor.PROVIDER_JAVA) {
However, RPCRouter, which does not have the bug, reads
if (providerType == DeploymentDescriptor.PROVIDER_JAVA ||
providerType == DeploymentDescriptor.PROVIDER_USER_DEFINED) {
This means MessageRouter tries to handle the services for custom providers as scripts instead of Java classes.
Scott Nichol
Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message -----
From: "Sandip Satpathy" <sa...@jataayusoft.com>
To: <so...@ws.apache.org>
Sent: Tuesday, June 01, 2004 3:15 AM
Subject: Fw: Enable HTTP Basic Authentication for soap service
Hi,
Need some help to enable Basic HTTP Authentication for SOAP service (messaging). I am interested deploying the service in IBM WAS.
A article in http://www.soapuser.com/sb_02jul02.html explains about a possible approach to enable http basic authentication.
It says use a modified provider instead of the default one, in this case "MsgJavaProvider.class".
The trivial form of modified provider is written as follows:
/************MsgHTTPBasicAuthProvider.java***********************/
package mmssoap.soap.providers.jataayu ;
import java.io.* ;
import javax.servlet.* ;
import javax.servlet.http.* ;
import org.apache.soap.* ;
import org.apache.soap.rpc.* ;
import org.apache.soap.server.* ;
import org.apache.soap.server.http.* ;
import org.apache.soap.util.* ;
import org.apache.soap.encoding.soapenc.Base64;
public class MsgHTTPBasicAuthProvider implements Provider {
protected DeploymentDescriptor dd ;
protected Envelope envelope ;
protected Call call ;
protected String methodName ;
protected String targetObjectURI ;
protected HttpServlet servlet ;
protected HttpSession session ;
protected Object targetObject ;
public void locate( DeploymentDescriptor dd, Envelope env, Call call, String methodName, String targetObjectURI, SOAPContext reqContext)
throws SOAPException {
HttpServlet servlet = (HttpServlet) reqContext.getProperty( Constants.BAG_HTTPSERVLET );
HttpSession session = (HttpSession) reqContext.getProperty( Constants.BAG_HTTPSESSION );
// BASIC AUTHENTICATION PART
{
HttpServletRequest rq = (HttpServletRequest) reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
try {
String auth = rq.getHeader ("Authorization");
auth = auth.substring (auth.indexOf (" "));
String decoded = new String(Base64.decode(auth));
int i = decoded.indexOf (":");
String username = decoded.substring (0,i);
String password = decoded.substring (i+1, decoded.length ());
if (!fetchPasswordFromUser(username).equals(password))
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed");
} catch (Exception e) {
System.err.println ("Authentication Information Not Found. ERROR [" + e.getMessage () + "]") ;
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL, "Authentication failed");
}
}
System.err.println ("Authentication SUCCESSFUL") ;
this.dd = dd ;
this.envelope = env ;
this.call = call ;
this.methodName = methodName ;
this.targetObjectURI = targetObjectURI ;
this.servlet = servlet ;
this.session = session ;
ServletConfig config = servlet.getServletConfig();
ServletContext context = config.getServletContext ();
ServiceManager serviceManager =
ServerHTTPUtils.getServiceManagerFromContext (context);
// Default processing for 'java' and 'script' providers.. call on a valid method name?
if (!MessageRouter.validMessage (dd, methodName)) {
throw new SOAPException (Constants.FAULT_CODE_SERVER, "Method '" + methodName + "' is not supported.");
}
// get at the target object
targetObject = ServerHTTPUtils.getTargetObject(serviceManager, dd, targetObjectURI, servlet, session, reqContext, context);
};
public void invoke(SOAPContext reqContext, SOAPContext resContext)
throws SOAPException { // invoke the method on the target object
try {
MessageRouter.invoke( dd, envelope, targetObject, methodName, reqContext, resContext ); // Line 149
}
catch( Exception e ) {
if ( e instanceof SOAPException ) throw (SOAPException ) e ;
e.printStackTrace( System.err) ;
throw new SOAPException( Constants.FAULT_CODE_SERVER, e.toString() );
}
};
public String fetchPasswordFromUser (String UserName)
{// expecting username and password to be same
return UserName ;
};
};
/************************** END *************************/
The service is deployed with changed Deployment desciptor:
/************************** dds.xml **********************/
<root>
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:mm7interface" type="message" checkMustUnderstands="false">
<isd:provider type="mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider" scope="Application" methods="MyMethod">
<isd:java class="mmssoap.server.Interface" static="false"/>
</isd:provider>
<isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListener></isd:service>
</root>
/************************** END ************************/
Now when the client sends a request, the authentication is performed. However on success I am getting "ClassCastException"
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Exception from service object: mmssoap.server.MM7Interface</faultstring>
<faultactor>/mm7soap/servlet/messagerouter</faultactor>
<detail>
<stackTrace>java.lang.ClassCastException: mmssoap.server.MM7Interface
at org.apache.soap.server.InvokeBSF.service(InvokeBSF.java:116)
at java.lang.reflect.Method.invoke(Native Method)
at org.apache.soap.server.MessageRouter.invoke(MessageRouter.java:68)
at mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider.invoke(MsgHTTPBasicAuthProvider.java:149)
at org.apache.soap.server.http.MessageRouterServlet.doPost(MessageRouterServlet.java:268)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(ServletManager.java:827)
at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(StrictLifecycleServlet.java:159)
:
:
:
</stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
Can some tell me what has gone wrong and how to fix it ?
Regards,
- Sandip
----- Original Message -----
From: Sandip Satpathy
To: soap-user@ws.apache.org
Sent: Thursday, December 21, 2000 6:12 AM
Subject: Enable Basic Authentication
May be a off the track question..
Can some one help me ?
I have a soap application deployed in websphere 4.0. How can I enable "basic authentication" for all the HTTP request to "messagerouter" ?
So far I have tried following steps :(Steps as described in the advanced edition handbook)
1. in AAT right click on Web Module and select properties
2. select the "advanced" tab
3. select the "login configuration" check box.
4. Set the authentication method to "Basic"
5. Set the Realm Name to "mm7soap"
6. Save / Update the ear.
How ever after redeploying the service a GET request to the "messagerouter" from browser is not prompting me for user id and password.
Pls help.
Regards,
- sandip
RE: Enable HTTP Basic Authentication for soap service
Posted by Anne Thomas Manes <an...@manes.net>.
Try using Axis rather than Apache SOAP:
http://ws.apache.org/axis
Anne
_____
From: Sandip Satpathy [mailto:sandips@jataayusoft.com]
Sent: Tuesday, June 01, 2004 3:15 AM
To: soap-user@ws.apache.org
Subject: Fw: Enable HTTP Basic Authentication for soap service
Hi,
Need some help to enable Basic HTTP Authentication for SOAP service
(messaging). I am interested deploying the service in IBM WAS.
A article in <http://www.soapuser.com/sb_02jul02.html>
http://www.soapuser.com/sb_02jul02.html explains about a possible approach
to enable http basic authentication.
It says use a modified provider instead of the default one, in this case
"MsgJavaProvider.class".
The trivial form of modified provider is written as follows:
/************MsgHTTPBasicAuthProvider.java***********************/
package mmssoap.soap.providers.jataayu ;
import java.io.* ;
import javax.servlet.* ;
import javax.servlet.http.* ;
import org.apache.soap.* ;
import org.apache.soap.rpc.* ;
import org.apache.soap.server.* ;
import org.apache.soap.server.http.* ;
import org.apache.soap.util.* ;
import org.apache.soap.encoding.soapenc.Base64;
public class MsgHTTPBasicAuthProvider implements Provider {
protected DeploymentDescriptor dd ;
protected Envelope envelope ;
protected Call call ;
protected String methodName ;
protected String targetObjectURI ;
protected HttpServlet servlet ;
protected HttpSession session ;
protected Object targetObject ;
public void locate( DeploymentDescriptor dd, Envelope env, Call call,
String methodName, String targetObjectURI, SOAPContext reqContext)
throws SOAPException {
HttpServlet servlet = (HttpServlet) reqContext.getProperty(
Constants.BAG_HTTPSERVLET );
HttpSession session = (HttpSession) reqContext.getProperty(
Constants.BAG_HTTPSESSION );
// BASIC AUTHENTICATION PART
{
HttpServletRequest rq = (HttpServletRequest)
reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
try {
String auth = rq.getHeader ("Authorization");
auth = auth.substring (auth.indexOf (" "));
String decoded = new String(Base64.decode(auth));
int i = decoded.indexOf (":");
String username = decoded.substring (0,i);
String password = decoded.substring (i+1, decoded.length ());
if (!fetchPasswordFromUser(username).equals(password))
throw new
SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed");
} catch (Exception e) {
System.err.println ("Authentication Information Not Found.
ERROR [" + e.getMessage () + "]") ;
throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,
"Authentication failed");
}
}
System.err.println ("Authentication SUCCESSFUL") ;
this.dd = dd ;
this.envelope = env ;
this.call = call ;
this.methodName = methodName ;
this.targetObjectURI = targetObjectURI ;
this.servlet = servlet ;
this.session = session ;
ServletConfig config = servlet.getServletConfig();
ServletContext context = config.getServletContext ();
ServiceManager serviceManager =
ServerHTTPUtils.getServiceManagerFromContext (context);
// Default processing for 'java' and 'script' providers.. call on a
valid method name?
if (!MessageRouter.validMessage (dd, methodName)) {
throw new SOAPException (Constants.FAULT_CODE_SERVER, "Method '" +
methodName + "' is not supported.");
}
// get at the target object
targetObject = ServerHTTPUtils.getTargetObject(serviceManager, dd,
targetObjectURI, servlet, session, reqContext, context);
};
public void invoke(SOAPContext reqContext, SOAPContext resContext)
throws SOAPException { // invoke the method on the target
object
try {
MessageRouter.invoke( dd, envelope, targetObject, methodName,
reqContext, resContext ); // Line 149
}
catch( Exception e ) {
if ( e instanceof SOAPException ) throw (SOAPException ) e ;
e.printStackTrace( System.err) ;
throw new SOAPException( Constants.FAULT_CODE_SERVER, e.toString()
);
}
};
public String fetchPasswordFromUser (String UserName)
{// expecting username and password to be same
return UserName ;
};
};
/************************** END *************************/
The service is deployed with changed Deployment desciptor:
/************************** dds.xml **********************/
<root>
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment"
id="urn:mm7interface" type="message" checkMustUnderstands="false">
<isd:provider
type="mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider"
scope="Application" methods="MyMethod">
<isd:java class="mmssoap.server.Interface" static="false"/>
</isd:provider>
<isd:faultListener>org.apache.soap.server.DOMFaultListener</isd:faultListene
r></isd:service>
</root>
/************************** END ************************/
Now when the client sends a request, the authentication is performed.
However on success I am getting "ClassCastException"
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="
<http://schemas.xmlsoap.org/soap/envelope/>
http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="
<http://www.w3.org/2001/XMLSchema-instance>
http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="
<http://www.w3.org/2001/XMLSchema> http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Exception from service object:
mmssoap.server.MM7Interface</faultstring>
<faultactor>/mm7soap/servlet/messagerouter</faultactor>
<detail>
<stackTrace>java.lang.ClassCastException: mmssoap.server.MM7Interface
at org.apache.soap.server.InvokeBSF.service(InvokeBSF.java:116)
at java.lang.reflect.Method.invoke(Native Method)
at org.apache.soap.server.MessageRouter.invoke(MessageRouter.java:68)
at
mmssoap.soap.providers.jataayu.MsgHTTPBasicAuthProvider.invoke(MsgHTTPBasicA
uthProvider.java:149)
at
org.apache.soap.server.http.MessageRouterServlet.doPost(MessageRouterServlet
.java:268)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
com.ibm.servlet.engine.webapp.StrictServletInstance.doService(ServletManager
.java:827)
at
com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(StrictLifecycl
eServlet.java:159)
:
:
:
</stackTrace></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
Can some tell me what has gone wrong and how to fix it ?
Regards,
- Sandip
----- Original Message -----
From: Sandip <ma...@jataayusoft.com> Satpathy
To: soap-user@ws.apache.org
Sent: Thursday, December 21, 2000 6:12 AM
Subject: Enable Basic Authentication
May be a off the track question..
Can some one help me ?
I have a soap application deployed in websphere 4.0. How can I enable "basic
authentication" for all the HTTP request to "messagerouter" ?
So far I have tried following steps :(Steps as described in the advanced
edition handbook)
1. in AAT right click on Web Module and select properties
2. select the "advanced" tab
3. select the "login configuration" check box.
4. Set the authentication method to "Basic"
5. Set the Realm Name to "mm7soap"
6. Save / Update the ear.
How ever after redeploying the service a GET request to the "messagerouter"
from browser is not prompting me for user id and password.
Pls help.
Regards,
- sandip