I've implemented the fix, works great, I'd submit it as a patch, but
really I'm not sure my version of JBoss.net xdoclet module is up to
date anymore. It still works for what I need. The .xdt file section
now looks like this on my system:
<XDtClass:ifHasClassTag tagName="jboss-net:authentication"
paramName="validate-unauthenticated-calls">
<parameter name="validateUnauthenticatedCalls"
value="<XDtClass:classTagValue tagName='jboss-net:authentication'
paramName='validate-unauthenticated-calls'/>"/>
</XDtClass:ifHasClassTag>
</handler>
That block goes right after the securityDomain parameter line you
stated below, and just before the (included) </handler> statement.
This way, if it's not there, it won't change the current behaviour. If
it is there, it will take it's value from the parameter. So, basic
usage might look like:
@jboss-net:authentication domain="MYDOMAIN"
validate-unauthenticated-calls="true"
In my version, I shortened validate-unauthenticated-calls to be
'validate' instead. I didn't need the extra baggage, but the longer
version would probably be more kosher with the perfectionists.
-Neal
On June 27, 2003 03:16 am, Jung , Dr. Christoph wrote:
> Neal,
>
> That is good news. Here is the snippet from the
> jboss-net_ejb_xml.xdt that needs to be adapted
>
> <XDtClass:ifHasClassTag tagName="jboss-net:authentication">
> <handler
> type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
> <parameter name="securityDomain"
> value="java:/jaas/<XDtClass:classTagValue
> tagName='jboss-net:authentication' paramName='domain'/>"/>
> </handler>
> </XDtClass:ifHasClassTag>
>
> Something like
>
> <parameter name="validateUnauthenticatedCalls"
> value="<XDtClass:classTagValue tagName='jboss-net:authentication'
> paramName='validateUnauthenticatedCalls'/>"/>
>
> Such that
>
> @jboss-net:authentication validateUnauthenticatedCalls="true"
>
> should give you the desired output (this was just quickly
> recapitulated and may lack a few details ...)
>
> If you could implement this with a default to "false" and could
> submit the result as a patch, I would be forever yours ;-)
>
> CGJ
>
> > -----Urspr�ngliche Nachricht-----
> > Von: Neal Sanche [mailto:[EMAIL PROTECTED]
> > Gesendet: Donnerstag, 26. Juni 2003 17:51
> > An: [EMAIL PROTECTED]
> > Betreff: Re: AW: [JBoss-user] Web Services and Basic
> > Authentication
> >
> >
> > Hi Dr. Jung,
> >
> > I have definitely been able to get the 401 response to happen
> > now. I guess XDoclet must have overwritten my web-services.xml
> > file and wiped out my validateUnauthenticatedCalls statement. I
> > put it back in and JBoss threw a Server.Unauthenticated AXIS
> > fault, and my Windows ..NET program resent its request with Basic
> > Auth attached. Now I'm going to check to see if the .NET Compact
> > framework will repeat the same behaviour...
> >
> > And it definitely seems to. So, I've written a small Pocket PC
> > application that authenticates itself to JBoss and calls a web
> > service that talks to one of my session beans passing back a java
> > object. Now the only thing I have to do is get the XDoclet
> > generator to put in the validateUnauthenticatedCalls statement.
> > Then I'll be happy. :)
> >
> > Thanks again.
> >
> > -Neal
> >
> > On June 26, 2003 04:18 am, Jung , Dr. Christoph wrote:
> > > Neal,
> > >
> > > AFAIK, a security error in the JBossAuthenticationHandler
> >
> > should force
> >
> > > a 401 response through Axis and the Web layer and hence trigger
> > > the resending in the M$ implementation.
> > >
> > >
> > > CGJ
> > >
> > > > -----Urspr�ngliche Nachricht-----
> > > > Von: Neal Sanche [mailto:[EMAIL PROTECTED]
> > > > Gesendet: Donnerstag, 26. Juni 2003 04:58
> > > > An: JBoss Users Mailing List
> > > > Betreff: [JBoss-user] Web Services and Basic Authentication
> > > >
> > > >
> > > > Hi All,
> > > >
> > > > I'm writing, or at least attempting to write, a .NET client
> > > > that talks to a secured JBoss web service. I've followed the
> > > > other threads in this list that state that I should set an
> > > > acceptUnauthenticatedCalls flag to false, and that isn't
> > > > working. It seems that Microsoft has followed the RFCs
> > > > extremely closely, and not allowed their users to 'force' the
> > > > sending of basic auth information manually in a web service
> > > > call. Instead, if the HTTP layer receives a 401 error from
> > > > the HTTP server, it will resend the request with
> > > > Authentication headers.
> > > >
> > > > I'm still trying to figure out a way to replace or augment
> > > > this functionality in the .NET world. But I'm wondering if it
> > > > would be possible to have JBoss return a 401 error when an
> > > > unauthenticated call arrives in the JBoss-net code? How would
> > > > I go about forcing this situation instead of the current
> > > > 'ErrorCode 500: Internal Server Error' whenever a security
> > > > exception is thrown. Is that possible?
> > > >
> > > > I'm currently running JBoss 3.2.1. Thanks for any insights.
> > > >
> > > > Cheers.
> > > >
> > > > -Neal
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: INetU
> > > > Attention Web Developers & Consultants: Become An INetU
> > > > Hosting Partner. Refer Dedicated Servers. We Manage Them. You
> > > > Get 10% Monthly Commission! INetU Dedicated Managed Hosting
> > > > http://www.inetu.net/partner/index.php
> > > >
> > > > _______________________________________________
> > > > JBoss-user mailing list
> > > > [EMAIL PROTECTED]
> > > > https://lists.sourceforge.net/lists/listinfo/j> boss-user
> > >
> > > ###########################################
> > >
> > > This message has been scanned by F-Secure Anti-Virus for
> > > Microsoft Exchange. For more information, connect to
> > > http://www.F-Secure.com/
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: INetU
> > > Attention Web Developers & Consultants: Become An INetU Hosting
> > > Partner. Refer Dedicated Servers. We Manage Them. You Get
> >
> > 10% Monthly
> >
> > > Commission! INetU Dedicated Managed Hosting
> > > http://www.inetu.net/partner/index.php
> > > _______________________________________________
> > > JBoss-user mailing list
> > > [EMAIL PROTECTED]
> > > https://lists.sourceforge.net/lists/listinfo/jboss-user
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: INetU
> > Attention Web Developers & Consultants: Become An INetU
> > Hosting Partner. Refer Dedicated Servers. We Manage Them. You
> > Get 10% Monthly Commission! INetU Dedicated Managed Hosting
> > http://www.inetu.net/partner/index.php
> >
> > _______________________________________________
> > JBoss-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/j> boss-user
>
> ###########################################
>
> This message has been scanned by F-Secure Anti-Virus for Microsoft
> Exchange. For more information, connect to http://www.F-Secure.com/
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting
> Partner. Refer Dedicated Servers. We Manage Them. You Get 10%
> Monthly Commission! INetU Dedicated Managed Hosting
> http://www.inetu.net/partner/index.php
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
