i haven't tried this. it certainly must be possible, but right now i haven't
the time to figure it out.
i would start at MessageContext.getAxisEngine().getGlobalRequest() and search
in that area. the file itself is loaded by
org.apache.axis.configuration.EngineConfigurationFactoryDefault. also i seem
to remember someone mentioning that you could access the global request flow
and insert a handler into that flow at runtime. also if you have permissions
you can call System.setProperty() from a startup servlet (if you want a
possibly much simpler solution that opens up a bunch of possible bugs if
another servlet in the same servlet engine tries to connect to a different web
service...)
sorry i couldn't be of more help. :-/
...............ron.
> Ok...i dont use the client_deploy.wsdd....is there any way to avoid
> using it? I have the client inside a servlet so i cant specify it with
> the java -D.... command line.
> Thx!
> Michael
>
>>do you have this in your client-config.wsdd?
>><deployment ...>
>> <transport .../>
>> <globalConfiguration>
>> <requestFlow>
>> <!-- add the header that carries the user's login-name -->
>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>> <parameter name="action" value="UsernameToken"/>
>> <parameter name="actor" value="loginName"/>
>> <parameter name="passwordCallbackClass" value="PWCallback"/>
>> </handler>
>>?
>>
>>otherwise there won't be any handler in the request flow that knows what to
>> do
>>with those properties.
>>
>>hth.
>>.............ron.
>>
>>
>>>Ok, so i got the server working basically (i think) but when calling it
>>>i get the following exception at the client:
>>>
>>>AxisFault
>>> faultCode:
>>>{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
>>> faultSubcode:
>>> faultString: WSDoAllReceiver: Request does not contain required
>>>Security header
>>>
>>>
>>>Thats the client code so far:
>>>
>>>try {
>>> binding = new al.JCT.service.JCTServiceLocator().getJCTSession();
>>> Stub axisPort = (Stub)binding;
>>> axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
>>>WSConstants.PASSWORD_DIGEST);
>>> axisPort._setProperty(WSHandlerConstants.USER, "wss4j");
>>> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, new
>>>PWCallback());
>>> }
>>> catch (javax.xml.rpc.ServiceException jre) {
>>> jre.printStackTrace();
>>> return;
>>> }
>>>
>>> try {
>>> al.JCT.service.Job[] value = null;
>>> String ids[] = {"1218"};
>>> value = binding.getJobStatus("rudi", "qw", null, ids);
>>> if (value != null) {
>>> for (int i=0; i < value.length; i++) {
>>> System.out.println(value[i].getId() + " - " +
>>>value[i].getName() + " - " + value[i].getPe());
>>> System.out.println(value[i].getReservations());
>>> System.out.println(value[i].getOutputPaths()[0].getPath());
>>> }
>>> }
>>> binding.submitJob(null, null, null);
>>> }
>>> catch (java.rmi.RemoteException re) {
>>> re.printStackTrace();
>>> return;
>>> }
>>>
>>>
>>>Any ideas on this one?
>>>
>>>Thx!
>>>Michael
>>>
>>>
>>>
>>>>you can extract all the security info by looking at the Vector stored
>>>>as a property in the MessageContext:
>>>>Vector resultHandlers =
>>>>(Vector)MessageContext.getCurrentContext().getProperty(WSHandlerConstants.RECV_RESULTS);
>>>>
>>>>
>>>>this vector contains, as far as i can tell, everything you could want
>>>>to know.
>>>>or you can extract the username from the message itself -
>>>>ArrayList actorList = new ArrayList();
>>>>actorList.add("actor value for my UsernameToken entry");
>>>>Message request = MessageContext.getCurrentContext().getRequestMessage();
>>>>SOAPEnvelope envelope = (SOAPEnvelope)request.getSOAPEnvelope();
>>>>Vector headers = envelope.getHeadersByActor(actorList);
>>>>SOAPHeaderElement header = (SOAPHeaderElement)headers.get(0);
>>>>
>>>>you can then extract the actual username by walking the DOM tree to
>>>>the node which contains the username
>>>>MessageElement usernameTokenElement =
>>>>header.getChildElement(USERNAME_TOKEN_QNAME);
>>>>MessageElement usernameElement =
>>>>usernameTokenElement.getChildElement(USERNAME_QNAME);
>>>>String username = usernameElement.getValue();
>>>>
>>>>(you'll also need these)
>>>>static final QName USERNAME_TOKEN_QNAME = new
>>>>QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN);
>>>>static final QName USERNAME_QNAME = new QName(WSConstants.WSSE_NS,
>>>>WSConstants.USERNAME_LN);
>>>>
>>>>in my app i have a handler which i put in the request chain right
>>>>after the WSDoAllReceiver which extracts the username using the above
>>>>code, does an LDAP lookup of the user to gather roles, and then
>>>>creates an app-specific user object which it stores it as a properly
>>>>in the MessageContext where anyone in the handling chain can then
>>>>extract it via getProperty().
>>>>
>>>>hth.
>>>>......................ron.
>>>>
>>>>Michael Rudolf wrote:
>>>>
>>>>
>>>>
>>>>>Thanks a lot for the detailed description! I think this will work
>>>>>fine for me. One more question about this though: Can i read the
>>>>>username inside the web service? Or is there any way of getting
>>>>>information like the group a user belongs to inside the web service
>>>>>to read it there? It sounds like the Service does get any of this
>>>>>info since the authentication is completely transparent to the
>>>>>service itself.
>>>>>Thanks.
>>>>>Michael
>>>>>
>>>>>
>>>>>
>>>>>>by "Web Services are made out of Session EJBs" you mean you have
>>>>>>Session EJBs that expose a SOAP-over-HTTP interface? WSS4J uses 2
>>>>>>handlers, one client-side and one server-side (WSDoAllSender
>>>>>>(client) and WSDoAllReceiver (server)) which plug into the handler
>>>>>>chain supported by Axis to "intercept" the request on its way to the
>>>>>>server. WSDoAllSender adds a WSSecurity header to the SOAP message
>>>>>>on send (configured using a properties file). WSDoAllReceiver then
>>>>>>processes the incoming message, validates whatever it's configured
>>>>>>to validate and then passes the request on to your handlers/service
>>>>>>(or rejects the message if it does not validate properly). to add
>>>>>>UsernameTokens to a request and process them on the server requires
>>>>>>a CallbackHandler on the client side which can provide the password
>>>>>>for a user. this is then processed into a UsernameToken, included
>>>>>>in the SOAP header, and on the server side you'll need another
>>>>>>CallbackHandler which can provide the password for the user (pulled
>>>>>>from LDAP) which WSS4J will compare to what's provided in the
>>>>>>UsernameToken and thus authenicate the message before your service
>>>>>>(however it's implemented) ever gets called. it's quite transparent
>>>>>>for the most part. it also inserts a few entries in the
>>>>>>MessageContext so you can later determine what kind of authenication
>>>>>>has been done.
>>>>>>
>>>>>>hth.
>>>>>>.......................ron.
>>>>>>Michael Rudolf wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Is there any difference in case the Web Services are made out of
>>>>>>>Session EJBs? Or does WSS4J work the same way in that case?
>>>>>>>Thanks!
>>>>>>>Michael
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>you may want to look at WSS4J and UsernameTokens. they're pretty
>>>>>>>>straight-forward as long as your client can support them. they
>>>>>>>>are part of
>>>>>>>>the WS-Security standard if you want to stick with "endorsed"
>>>>>>>>authentication
>>>>>>>>mechanisms. then on the server-side you'll typically need a JNDI
>>>>>>>>interface to
>>>>>>>>your LDAP server to authenticate the user on that side.
>>>>>>>>
>>>>>>>>hth.
>>>>>>>>................ron.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Hi,
>>>>>>>>>is there any tutorial or example for authenticating users of we
>>>>>>>>>services
>>>>>>>>>by username and pass over HTTPS? Can anybody explain in more
>>>>>>>>>detail how
>>>>>>>>>this works? Is there any alternative to it? I want to query axis web
>>>>>>>>>sercvices from a portal. That uses LDAP for authetication. I
>>>>>>>>>would like
>>>>>>>>>to use the same directory for authenticating the users at the web
>>>>>>>>>services that are being queried.
>>>>>>>>>Thanks for any help!
>>>>>>>>>Michael
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>
>
