Posted to java-user@axis.apache.org by Daniel Chisholm <da...@attbi.com> on 2002/04/25 07:40:55 UTC
Basic Authorization: Password is ignored.
I would like to use Basic Authorization with Axis beta 1 running on Tomcat
4.0.3. My operating system is Windows 2000. I have a service that just
echoes a string back to the client. If I point a browser at the service, I
will be asked for a User ID and Password, so it appears that Tomcat
understands what I am trying to do. Unfortunately, Axis appears to allow
the Axis client to invoke the service even with an incorrect password.
Therefore, I assume that Axis is not aware of my intent to use Basic
Authorization. I am new to Web Services and Axis so my error is probably
something very basic and obvious.
I added the following elements to the file
%TOMCAT_HOME%\webapps\axis\WEB-INF\web.xml
<servlet>
  <servlet-name>AxisServletProtected</servlet-name>
  <display-name>Apache-Axis Servlet</display-name>
  <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>AxisServletProtected</servlet-name>
  <url-pattern>services/protect/*</url-pattern>
</servlet-mapping>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/services/protect/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>MyCustomer</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Protected Area</realm-name>
</login-config>
The deploy.wsdd file is as follows.
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <service name="services/protect/MyService" provider="java:RPC">
    <parameter name="className" value="services/protect.MyService"/>
    <parameter name="allowedMethods" value="*"/>
  </service>
</deployment>
The client sends the following SOAP Message. Note: the password sent by the
client is not correct, but Axis invoked the service anyway.
POST /axis/servlet/AxisServlet HTTP/1.0
Content-Length: 525
Host: localhost
Content-Type: text/xml; charset=utf-8
Authorization: Basic TXlDdXN0b21lcjpYWFg=
SOAPAction: ""

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
    SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
  <SOAP-ENV:Body>
    <ns1:serviceMethod xmlns:ns1="services/protect/MyService">
      <arg1 xsi:type="xsd:string">Test</arg1>
    </ns1:serviceMethod>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I'm doing this test using the MemoryRealm. The following is from
%TOMCAT_HOME%/conf/server.xml.
<Realm className="org.apache.catalina.realm.MemoryRealm" />
I added the following to %TOMCAT_HOME%/conf/tomcat-users.xml.
<user name="MyCustomer" password="MyCustomer" roles="MyCustomer" />
I assume that I did not configure Axis correctly. Is there an obvious error
here?
Dan