With trace logging turned on I get the following: - Enter: SimpleAuthenticationHandler::invoke - provider.getClass : class org.apache.axis.security.servlet.ServletSecurityProvider - org.apache.axis.i18n.resource::handleGetObject(user00) - User: preselect - org.apache.axis.i18n.resource::handleGetObject(user00) - User: preselect - org.apache.axis.i18n.resource::handleGetObject(password00) - Password: preselect - org.apache.axis.i18n.resource::handleGetObject(password00) - Password: preselect - org.apache.axis.i18n.resource::handleGetObject(got00) - Got HttpServletRequest - org.apache.axis.i18n.resource::handleGetObject(noPrincipal00) - No principal! - org.apache.axis.i18n.resource::handleGetObject(cantAuth01) - Enter: SOAPPart ctor(FORM_FAULT) - org.apache.axis.i18n.resource::handleGetObject(setMsgForm) - Setting current message form to: FORM_FAULT (currentMessage is now org.apache.axis.AxisFault)
What is the principal, am I stilling missing some configuration. Is this meaningful to anybody. Clement -----Original Message----- From: Clement Lyons Sent: Tuesday, 10 May 2005 4:44 PM To: axis-user@ws.apache.org Subject: Problems using the ServletSecurityProvider to do Basic Authentication Hi All I'am running an Axis (1.2RC3) Web Service on a Tomcat (4.1.31) I'am having problems getting Basic Authentication working using the ServletSecurityProvider and the SimpleAuthenticationHandler. This is my configuration: In the Axis web.xml: <servlet> <servlet-name>AxisServlet</servlet-name> <display-name>Apache-Axis Servlet</display-name> <servlet-class> org.apache.axis.transport.http.AxisServlet </servlet-class> <init-param> <param-name>use-servlet-security</param-name> <param-value>1</param-value> </init-param> </servlet> <login-config> <auth-method>BASIC</auth-method> <realm-name>Web Services Basic Authentication</realm-name> </login-config> In the server-config.wsdd <requestFlow name="checks"> <handler type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/> </requestFlow> <parameter name="allowedRoles" value="test"/> In tomcat-users.xml <tomcat-users> <role rolename="test"/> <user username="test" password="test" roles="test"/> </tomcat-users> This setup was previously discussed here http://marc.theaimsgroup.com/?l=axis-user&m=104403054218784&w=2 quite a while back. I add the username and password in the client and using TCPMON can see that it is being sent in the HTTP Headers. I've also added logging to the SimpleAuthenticationHandler and can see that the username/password is received correctly and that the security provider used is org.apache.axis.security.servlet.ServletSecurityProvider Should the allowedRoles specified in the server-config.wsdd be a user or role in the tomcat-users.xml. Any pointers or help would be much appreciated. Clement