Hmm, I modified security.xml as suggested but I'm still getting the 302 response. Here's the whole request/response:
--request-- POST /services/UserService HTTP/1.1 Content-Type: text/xml;charset=UTF-8 SOAPAction: "" User-Agent: Jakarta Commons-HttpClient/3.0.1 Host: rad223:8080 Content-Length: 883 <soapenv:Envelope xmlns:ser="http://service.app.mycompany.com"; xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsse:UsernameToken wsu:Id="UsernameToken-6423461" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <wsse:Username>admin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>admin</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <ser:getUserByUsername> <ser:in0>admin</ser:in0> </ser:getUserByUsername> </soapenv:Body> </soapenv:Envelope> --response-- HTTP/1.1 302 Found Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=1g24tn24jkdvd;Path=/ Location: http://rad223:8080/login.jsp;jsessionid=1g24tn24jkdvd Content-Length: 0 Server: Jetty(6.1.5) George.Francis wrote: > > Thanks for your response. > I think you're right about the redirect because the 302 error refers to > login.jsp. > I'm using AppFuse 2.0. > I'm trying to test the webservice using SOAPUI-1.7.6 with WSS security > enabled - won't this work as a Client? I thought the Acegi security > AppFuse used was WSS compliant? > I'll give your solution a try anyway. > > > Brett Knights-2 wrote: >> >> You're probably getting a redirect to the login page. >> Assuming you can tell your web service clients to use Basic >> Authentication (easy with PHP) your solution can be as simple as adding >> a basicProcessingFilter to your acegi filter chain. >> For AppFuse 1.9.x >> >> in security.xml >> >> filterChainProxy bean >> >> ...authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,... >> >> and supporting bean defs >> >> <bean id="basicProcessingFilter" >> class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> >> <property name="authenticationManager"><ref >> local="authenticationManager"/></property> >> <property name="authenticationEntryPoint"><ref >> local="basicProcessingFilterEntryPoint"/></property> >> </bean> >> >> <bean id="basicProcessingFilterEntryPoint" >> class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> >> <property name="realmName"><value>Web Services</value></property> >> </bean> >> >> HTH >> >> Brett Knights >> >> George.Francis wrote: >>> This is now urgent! I've been trying for days to get secure >>> web-services >>> going. I added /services/**=ROLE_ADMIN,ROLE_USER >>> to security.xml as advised and using WSS with SoapUI-1.7.6 I am only >>> getting >>> an HTTP 302 response. >>> Please help! >>> >>> >>> George.Francis wrote: >>> >>>> Once I've secured my Webservice by editing WEB-INF/security.xml, how do >>>> I >>>> test it? >>>> I've been using SoapUI up until now but since the services are now >>>> secure >>>> this fails (using WSS). >>>> >>>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- View this message in context: http://www.nabble.com/secured-web-services-tf4673549s2369.html#a13372115 Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
