RE: EJB Authentication

[Bobba, Ramesh]

Title: EJB Authentication

Hi,   I got this working (kinda) in the sense that the server works fine. It executes the ejb methods and returns a soap message (according to what I see in the logs), but on the client side I get an AxisFault saying: Dose anyone know why? I have all the generated client side classes in the class path! I am also attaching the client code.   Thanks,   Ramesh.   org.xml.sax.SAXException: Deserializing parameter 'findDeviceReturn':  could not find deserializer for type {http://values.oampAdapter.insignia.com}FindDeviceResponse         at org.apache.axis.message.RPCHandler.onStartChild(RPCHandler.java:302)         at org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:963)         at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:198)         at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:722)         at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:233)         at org.apache.axis.message.RPCElement.getParams(RPCElement.java:347)         at org.apache.axis.client.Call.invoke(Call.java:2272)         at org.apache.axis.client.Call.invoke(Call.java:2171)         at org.apache.axis.client.Call.invoke(Call.java:1691)         at GetInfo.main(GetInfo.java:147) AxisFault  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException  faultSubcode:  faultString: org.xml.sax.SAXException: Deserializing parameter &apos;findDeviceReturn&apos;:  could not find deserializer for type {http://values.oampAdapter.insignia.com}FindDeviceResponse  faultActor:  faultNode:  faultDetail:         {http://xml.apache.org/axis/}stackTrace: org.xml.sax.SAXException: Deserializing parameter 'findDeviceReturn':  could not find deserializer for type {http://values.oampAdapter.insignia.com}FindDeviceResponse         at org.apache.axis.message.RPCHandler.onStartChild(RPCHandler.java:302)         at org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:963)         at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:198)         at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:722)         at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:233)         at org.apache.axis.message.RPCElement.getParams(RPCElement.java:347)         at org.apache.axis.client.Call.invoke(Call.java:2272)         at org.apache.axis.client.Call.invoke(Call.java:2171)         at org.apache.axis.client.Call.invoke(Call.java:1691)         at GetInfo.main(GetInfo.java:147) -----Original Message----- From: Keith Hatton [mailto:[EMAIL PROTECTED] Sent: Thursday, March 04, 2004 10:14 AM To: [EMAIL PROTECTED] Subject: RE: EJB Authentication Hi Ramesh,   I think you may need to add a <security-constraint> section to the web.xml. The Weblogic console is quite good for playing about with things like this (unfortunately I'm away from the office at the moment). I also find Sun's DTD for web.xml a good reference for things like this.   Basically, think of the Axis URLs as requiring username/password authentication just as if they were standard HTML or JSP pages and secure them using the deployment descriptor. Then the EJB access should work just as you expected.   Hope this helps Keith   -----Original Message----- From: Bobba, Ramesh [mailto:[EMAIL PROTECTED] Sent: Thu 04/03/2004 16:59 To: '[EMAIL PROTECTED]' Cc: Subject: RE: EJB Authentication Hi Keith,   I am using Weblogic right now (we also plan to support websphere). I am a bit confused about what you mean by - replicating EJB security constraints on the Axis servlet. Are you talking about adding the <security-role><role-name>somerole</role-name></security-role> elements?   Thanks,   Ramesh. -----Original Message----- From: Keith Hatton [mailto:[EMAIL PROTECTED] Sent: Thursday, March 04, 2004 1:31 AM To: [EMAIL PROTECTED] Subject: RE: EJB Authentication Hi Ramesh,   What app server are you using now?   I've had authentication working using Axis on Weblogic and JBoss in the past, though I do remember it was more complicated than I expected. The call.setUsername() and call.setPassword() approach looks fine from what I remember, but maybe that information is not being passed on to the EJB container.   I seem to remember that what worked best was replicating the EJB security constraints on the Axis servlet - i.e. adding them to web.xml. That way, when the Axis EJB provider asks for an InitialContext to do its lookup, it automatically presents the right username/password settings to the EJB container.   Hope this helps Keith   -----Original Message----- From: Bobba, Ramesh [mailto:[EMAIL PROTECTED] Sent: Thu 04/03/2004 00:49 To: Axis-User (E-mail) Cc: Subject: EJB Authentication Hi, I get an java.rmi.AccessException exception because the EJBs that the WebService implementation class is trying to use are username/password protected. We were using weblogic and with that, the client was able to authenticate by making call: call.setProperty("javax.xml.rpc.security.auth.username", "username"); call.setProperty("javax.xml.rpc.security.auth.password", "password"); I tried using both the call.setProperty(Call.USERNAME_PROPERTY, "username")/call.setProperty(Call.PASSWORD_PROPERTY, "password) and also call.setUsername("username")/call.setPassword("password") but both don't seem to work as I still keep getting the AccessException: Security Violation User '<anonymous>' has insufficient permission to access EJB Does anyone know how to get around this problem? Thanks, Ramesh.

GetInfo.java
Description: Binary data