[jira] [Created] (TUSCANY-3997) Authentication Web services

[Tiziana Basile (Created) (JIRA)]

Authentication Web services
---------------------------

                 Key: TUSCANY-3997
                 URL: https://issues.apache.org/jira/browse/TUSCANY-3997
             Project: Tuscany
          Issue Type: Wish
          Components: OASIS Compliance - TUSCANY
    Affects Versions: Java-SCA-1.6.2
         Environment: BeaWeblogic 10.3
            Reporter: Tiziana Basile
            Priority: Blocker


I work on a web service using Tuscany, and I need to use authentication on 
server side. I have a composite file:
<?xml version="1.0" encoding="UTF-8"?>
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"; 
           xmlns:t="http://tuscany.apache.org/xmlns/sca/1.0"; 
           xmlns:consulta="http://ConsultaService"; 
           targetNamespace="http://ConsultaService"; 
           name="ConsultaService">
        <component name="ConsultaService">
                <implementation.java class="com.pride.app.ConsultaImpl"/>
                <service name="ConsultaService">
                        <interface.java 
interface="com.pride.app.ConsultaService"/>                     
                        <binding.ws requires="authentication"/>
                        <!--binding.ws/-->    
                </service>
        </component>
</composite>

A definitions.xml file like: 
<?xml version="1.0" encoding="UTF-8"?>
<sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0";
                                    
targetNamespace="http://tuscany.apache.org/xmlns/sca/1.0";
                                    
xmlns:sca="http://www.osoa.org/xmlns/sca/1.0";
                                    
xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0";>
                        <!--xmlns:consulta="http://ConsultaService"; -->         
                
    <sca:intent name="authentication"    constrains="sca:binding.ws">
      <description>
        Communitcation thro this binding required Authentication.
      </description>
    </sca:intent>       
    <sca:policySet name="specialAuthenticationPolicy" provides="authentication" 
appliesTo="//sca:binding.ws">
    <tuscany:wsConfigParam>
        <parameter name="InflowSecurity" >
            <action>
                <items>UsernameToken</items>
                <user>ConsultaUser</user>
                
<passwordCallbackClass>com.pride.app.common.PWExtInterfaceHandler</passwordCallbackClass>
                <passwordType>PasswordText</passwordType>
            </action>
        </parameter>
    </tuscany:wsConfigParam>
    </sca:policySet>       
</sca:definitions>


The PWExtInterfaceHandler java class is:


package com.pride.app.common;


import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.log4j.Logger;
import org.apache.ws.security.WSPasswordCallback;


public class PWExtInterfaceHandler implements CallbackHandler {
        
        //public class PWExternalInterfaceHandler_ implements CallbackHandler
        //{ //CallbackHandler è l'interfaccia con cui il sistema richiede le 
credenziali di accesso dell'utente
                
        private Logger log; 
                
    public void handle(Callback[] callbacks)throws IOException, 
UnsupportedCallbackException 
    {        // Il metodo handle di CallbackHandler riceve in ingresso un array 
di opportuni callback
                
     log = Logger.getLogger(PWExtInterfaceHandler.class.getName());
     for (int i = 0; i < callbacks.length; i++)
                {
                     if (callbacks[i] instanceof WSPasswordCallback) 
                      { 
                        WSPasswordCallback pwcb = 
(WSPasswordCallback)callbacks[i]; //La classe WSPasswordCallback fornisce il 
nome di utente
                        String id = pwcb.getIdentifer(); 
                        if (pwcb.getUsage() == 
WSPasswordCallback.USERNAME_TOKEN) 
                                if ("ConsultaUser".equals(id)) 
                                        pwcb.setPassword("pluto");
                      }         
                        else {
                            throw new 
UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");}
                        
                      }         
                
          log.info("handle end process");       
          }
         }

My request is:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
                            xmlns:xsd="http://www.w3.org/2001/XMLSchema";
                           
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"; 
soapenv:mustUnderstand="true">
      <wsse:UsernameToken>
        <wsse:Username>ConsultaUser</wsse:Username>
        <wsse:Password Type ="wsse:PasswordText">pippo</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>
<soapenv:Body>
                <m:consultaService xmlns:m="http://app.pride.com/";>
                        <ConsultaRequest>
                                <inputReq>pippo</inputReq>
                        </ConsultaRequest>
                </m:consultaService>
</soapenv:Body>
</soapenv:Envelope>

BEA Weblogic give to me this error: HTTP error: could not post file:..on server 
... (500) Error sending soap data.
What am I missing?
Thank you





--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira