Hello, many thanx for all the answers to my question! :-) The thing was, I used in web.xml <url-pattern>/services</url-pattern> instead of <url-pattern>/services/*</url-pattern>
Now auth in principle and isUserInRole and all work as expected :) :) :) Actually I'm trying to figure out, what the meaning of <parameter name="allowedRoles" value="my_role1"/> in the service.wsdd is. In web.xml, I enabled two logical roles, "my_role1" and "my_role2" to be able to use the service (I just protected the POST method). Works fine so far, without sending BASIC auth information a client is not able to use the web service. Now I just tried to "disable" my_role2 via the .wsdd file by just adding "my_role1". But seems to have no effect, a user which is in tomcat-users.xml only in my_role1, not in my_role2, is still able to use the service. Anyway, getting the isUserInRole() working is enough for today ;-) cu Merten > -----Original Message----- > From: Brian Rook [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 06, 2005 8:30 PM > To: axis-user@ws.apache.org > Subject: Re: JAX-RPC web service in Axis, > servletEndpointContext.isUserInRole(), how to map users to roles? > > We just made a service that uses authenticated user data. It sounds > like, from your previous emails, that you did get user authentication > working with your container, so your question might be directed to > this group. > > The MessageContext object might have what you need. Check this out: > http://ws.apache.org/axis/java/apiDocs/org/apache/axis/Message > Context.html > > I've retrieved user data like this: > MessageContext mc = MessageContext.getCurrentContext(); > //should be able to retrieve username from message context > String username = mc.getUsername(); > > it sounds like you want the getRoles() method, which (from the API) > hasn't been implemented yet. You might be able to work around this > for now if you can access your roles (RDBMS, properties file) by > looking them up through the username. That's what we do. > > brian > > > On Apr 6, 2005 9:59 AM, [EMAIL PROTECTED] > <[EMAIL PROTECTED]> wrote: > > > > You can map this in users.xml. See the tomcat list for details. > > > > Gregory P Bobak > > > > > > > > > > "Keith Hatton" <[EMAIL PROTECTED]> > > > > 04/06/2005 11:00 AM > > > > Please respond to > > axis-user@ws.apache.org > > > > > > To <axis-user@ws.apache.org> > > > > cc > > > > > > Subject RE: JAX-RPC web service in Axis, > > servletEndpointContext.isUserInRole(), how to map users to > > roles? > > > > > > > > > > > > Hi Merten, > > > > I suggest you ask this question on a Tomcat list. You are > right, this is > > a J2EE feature. I would expect this to work in Axis, but > you will need > > to configure your deployment descriptors for your > application server to > > make this work. > > > > Hope this helps > > Keith > > > > > > -----Original Message----- > > From: Merten Schumann [mailto:[EMAIL PROTECTED] > > Sent: 06 April 2005 14:11 > > To: axis-user@ws.apache.org > > Subject: RE: JAX-RPC web service in Axis, > > servletEndpointContext.isUserInRole(), how to map users to > > roles? > > > > > > Hello, > > > > some time before I asked this question here, maybe in 2005 > someone could > > help me out :-) I'm still having problems with these > "logical roles". I > > don't know how > > (where?) to map my logical roles from web.xml to physical > roles. Is this > > a J2EE feature and not supported in Axis? > > > > Thank you! > > Merten > > > > > -----Original Message----- > > > From: Merten Schumann [mailto:[EMAIL PROTECTED] > > > Sent: Friday, October 15, 2004 9:43 AM > > > To: axis-user@ws.apache.org > > > Subject: Re: JAX-RPC web service in Axis, > > > servletEndpointContext.isUserInRole(), how to map users > > to roles? > > > > > > Any answers here? I'm still in trouble with this > > > servletEndpointContext.isUserInRole("my_role") > > > stuff, it never returns true since I still don't know > how to introduce > > > > > user roles (not groups) in Axis (in Tomcat) > > > > > > Thank you! > > > Merten > > > > > > > -----Original Message----- > > > > From: Merten Schumann [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, October 12, 2004 11:12 AM > > > > To: axis-user@ws.apache.org > > > > Subject: JAX-RPC web service in Axis, > > > > servletEndpointContext.isUserInRole(), how to map > > users to roles? > > > > > > > > This is a repost with a different subject, maybe I do get > > > > with this new > > > > subject responses here. :-) > > > > > > > > I got a simple service with basic auth running in > Axis, Hurray! For > > > > that, following some documentation I created a .war > > > with axis.jar > > > > and all in it to have my own web app. Works fine. :-) > > > > > > > > Now I do call in the service implementation > > > > servletEndpointContext.isUserInRole("my_role") > > > > and get all the time false returned. > > > > Hmmm, could it be that in Axis/Tomcat the concept of > these "logical" > > > > > > roles isn't implemented and we have "only" users and groups? > > > > > > > > My web.xml contains link to my_role: > > > > <security-constraint> > > > > <display-name>SecurityConstraint</display-name> > > > > <web-resource-collection> > > > > <web-resource-name>WRCollection</web-resource-name> > > > > <url-pattern>/services</url-pattern> > > > > <http-method>POST</http-method> > > > > </web-resource-collection> > > > > <auth-constraint> > > > > <role-name>my_role</role-name> > > > > </auth-constraint> > > > > <user-data-constraint> > > > > <transport-guarantee>NONE</transport-guarantee> > > > > </user-data-constraint> > > > > </security-constraint> > > > > <login-config> > > > > <auth-method>BASIC</auth-method> > > > > </login-config> > > > > <security-role> > > > > <role-name>my_role</role-name> > > > > </security-role> > > > > > > > > When I deploy to Sun App server, I have in sun-web.xml > > > > <security-role-mapping> > > > > <role-name>my_role</role-name> > > > > <group-name>my_group1</group-name> > > > > </security-role-mapping> > > > > to map the logical role (my_role) to a group (my_group1). > > > The group is > > > > physically existing in the Sun App server. Then, > > > > isUserInRole("my_role") returns true. In the App Server's > > > admin, I do > > > > setup groups, not roles. In conf/tomcat-users.xml, probably > > > the roles > > > > mean groups. I tried to put there a <group> Element, seems to > > > > work. But > > > > how (where?) to map the group to a role, as I can do > in sun-web.xml? > > > > > > > > Could you help me here, how to manage this logical > role stuff in > > > > Axis/Tomcat? Thank you! > > > > Merten > > > > > > > > > > > >
