RE: Problems using the ServletSecurityProvider to do Basic Authentication

Tue, 10 May 2005 00:13:48 -0700 

With trace logging turned on I get the following:

- Enter: SimpleAuthenticationHandler::invoke
- provider.getClass : class
org.apache.axis.security.servlet.ServletSecurityProvider
- org.apache.axis.i18n.resource::handleGetObject(user00)
- User:  preselect
- org.apache.axis.i18n.resource::handleGetObject(user00)
- User:  preselect
- org.apache.axis.i18n.resource::handleGetObject(password00)
- Password:  preselect
- org.apache.axis.i18n.resource::handleGetObject(password00)
- Password:  preselect
- org.apache.axis.i18n.resource::handleGetObject(got00)
- Got HttpServletRequest
- org.apache.axis.i18n.resource::handleGetObject(noPrincipal00)
- No principal!
- org.apache.axis.i18n.resource::handleGetObject(cantAuth01)
- Enter: SOAPPart ctor(FORM_FAULT)
- org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
- Setting current message form to: FORM_FAULT (currentMessage is now
org.apache.axis.AxisFault) 

What is the principal, am I stilling missing some configuration.
Is this meaningful to anybody.

Clement


-----Original Message-----
From: Clement Lyons 
Sent: Tuesday, 10 May 2005 4:44 PM
To: axis-user@ws.apache.org
Subject: Problems using the ServletSecurityProvider to do Basic
Authentication


Hi All

I'am running an Axis (1.2RC3) Web Service on a Tomcat (4.1.31) I'am
having problems getting Basic Authentication working using the
ServletSecurityProvider and the SimpleAuthenticationHandler. 

This is my configuration:

In the Axis web.xml:
  <servlet>
    <servlet-name>AxisServlet</servlet-name>
    <display-name>Apache-Axis Servlet</display-name>
    <servlet-class>
        org.apache.axis.transport.http.AxisServlet
    </servlet-class>
    <init-param>
      <param-name>use-servlet-security</param-name>
      <param-value>1</param-value>
    </init-param>
  </servlet>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Web Services Basic Authentication</realm-name>
  </login-config>                                             

In the server-config.wsdd
  <requestFlow name="checks">
   <handler
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
  </requestFlow>
  <parameter name="allowedRoles" value="test"/>

In tomcat-users.xml
<tomcat-users>
  <role rolename="test"/>
  <user username="test" password="test" roles="test"/> </tomcat-users>

This setup was previously discussed here
http://marc.theaimsgroup.com/?l=axis-user&m=104403054218784&w=2 quite a
while back.

I add the username and password in the client and using TCPMON can see
that it is being sent in the HTTP Headers.

I've also added logging to the SimpleAuthenticationHandler and can see
that the username/password is received correctly and that the security
provider used is
org.apache.axis.security.servlet.ServletSecurityProvider

Should the allowedRoles specified in the server-config.wsdd be a user or
role in the tomcat-users.xml.

Any pointers or help would be much appreciated.

Clement

Reply via email to