Jonah Black

Greenhorn
+ Follow
since Dec 26, 2010
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Jonah Black

Hi,

Running eclipse helios, tomcat 5.5, jdk 6

I've created a JAX-WS service, which uses HTTP basic auth and works fine. Further I've used annotations in particular for 2 methods, one accessible by normal users, the other only be admin

E.g. @RolesAllowed(value = {"adminUser"})
public String updates1(String s)
{}


Now I would like to setup the method-permission as described here: http://docs.sun.com/app/docs/doc/819-3669/bnbyv?l=en&a=view

In particular I want to setup a method-permission for basicUser role so that it cannot access updates1 method defined above. So I would assume it looks like this:?

<method-permission>
<role-name>basicUser</role-name>
<method>
<ejb-name>wsServiceName</ejb-name> <!-- from web.xml servlet-name -->
<method-intf>Remote</method-intf>
<method-name>offerlist</method-name> <!-- only this method should be accessible, not updates1 listed above-->
</method>
</method-permission>

Of course from what I've read this should be in a assembly descriptor but I cannot get this to work. Seems that this should all be done in the ejb-jar.xml file, is this correct?

This is a POJO object. I'm not using EJB so what do I put in the ejb.jar.xml for <enterprise-beans>?

For the life of me cannot figure it out and I do not want to call wsContext.isUserInRole in the method updates1. To me that defeats the purpose of this declarative security.

Can you help?

thanks



13 years ago
don't import the service using eclipse I've found.

use wsimport.

resolved.
13 years ago
this works in netbeans btw.

so is it eclipse?
13 years ago
Hi guys,

I'm running eclipse 3.6, tomcat 5.5 config, metro 2.0.1.

I am setting up a WS using basic http authentication, and it works in the browser, I get prompted for the user name and password, I enter it and can access the necessary wsdl

The service looks like this -

@WebService(serviceName="wsofferssvc")
public class wsoffers {

@WebMethod
@RolesAllowed(value = {"basicUser"})
public String offerlist(String id)
{
return id;
}
}


I then create a web service client in eclipse, point to the wsdl and i get the classes:

Wsoffers.java
WsoffersPortBindingStub.java
WsoffersProxy.java

Wsoffersssvc.java

wsofferssvcLocator.java.



I create an instance which works without authentication, using the Proxy object

WsoffersProxy x = new WsoffersProxy();

This works, but now with the authentication set up I need to call code similar to this, right?:

/*
HelloService service = new HelloService();
Hello proxy = (service.getHelloPort());
((BindingProvider)proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "userfoo");
((BindingProvider)proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "passbar");
*/

but using the wsoffersProxy I cannot get the BindingProvider.

How do I do that, since the wsdl is already imported and the classes mentioned above already created?

This must be simple, but I cannot figure out which object to cast. Is the WsoffersProxy the right object to use?

thanks in advance.




13 years ago