Hi Ramesh, I think you may need to add a <security-constraint> section to the web.xml. The Weblogic console is quite good for playing about with things like this (unfortunately I'm away from the office at the moment). I also find Sun's DTD for web.xml a good reference for things like this. Basically, think of the Axis URLs as requiring username/password authentication just as if they were standard HTML or JSP pages and secure them using the deployment descriptor. Then the EJB access should work just as you expected. Hope this helps Keith
-----Original Message-----
From: Bobba, Ramesh [mailto:[EMAIL PROTECTED]
Sent: Thu 04/03/2004 16:59
To: '[EMAIL PROTECTED]'
Cc:
Subject: RE: EJB Authentication
Hi Keith,
I am using Weblogic right now (we also plan to support websphere). I am a bit
confused about what you mean by - replicating EJB security constraints on the Axis
servlet. Are you talking about adding the
<security-role><role-name>somerole</role-name></security-role> elements?
Thanks,
Ramesh.
-----Original Message-----
From: Keith Hatton [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 1:31 AM
To: [EMAIL PROTECTED]
Subject: RE: EJB Authentication
Hi Ramesh,
What app server are you using now?
I've had authentication working using Axis on Weblogic and JBoss in
the past, though I do remember it was more complicated than I expected. The
call.setUsername() and call.setPassword() approach looks fine from what I remember,
but maybe that information is not being passed on to the EJB container.
I seem to remember that what worked best was replicating the EJB
security constraints on the Axis servlet - i.e. adding them to web.xml. That way, when
the Axis EJB provider asks for an InitialContext to do its lookup, it automatically
presents the right username/password settings to the EJB container.
Hope this helps
Keith
-----Original Message-----
From: Bobba, Ramesh [mailto:[EMAIL PROTECTED]
Sent: Thu 04/03/2004 00:49
To: Axis-User (E-mail)
Cc:
Subject: EJB Authentication
Hi,
I get an java.rmi.AccessException exception because the EJBs
that the
WebService implementation class is trying to use are
username/password
protected. We were using weblogic and with that, the client
was able to
authenticate by making call:
call.setProperty("javax.xml.rpc.security.auth.username",
"username");
call.setProperty("javax.xml.rpc.security.auth.password",
"password");
I tried using both the
call.setProperty(Call.USERNAME_PROPERTY,
"username")/call.setProperty(Call.PASSWORD_PROPERTY, "password)
and also
call.setUsername("username")/call.setPassword("password")
but both don't seem to work as I still keep getting the
AccessException:
Security Violation User '<anonymous>' has insufficient
permission to access
EJB
Does anyone know how to get around this problem?
Thanks,
Ramesh.
<<winmail.dat>>
