I am using UserDatabaseRealm to perform basic authentication in Tomcat 6.
Basically, my app is a copy of the example provided at http://www.mkyong.com under the heading "Container Authentication with JAX-WS – (Tomcat version)".
However, my app fails to authenticate even when I provide the correct user name and password, as I get the authentication screen for accessing my service URL from the browser.
Strangely, however, when I use a client to call the service, it does not authenticate at all: no matter what I put as user name and password in the client, it always succeeds in calling the service.
Below are my web.xml, tomcat-users.xml and sun-jaxws.xml.
Here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<listener>
<listener-class>
com.sun.xml.ws.transport.http.servlet.WSServletContextListener
</listener-class>
</listener>
<servlet>
<servlet-name>user</servlet-name>
<servlet-class>
com.sun.xml.ws.transport.http.servlet.WSServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<security-role>
<description>Normal operator user</description>
<role-name>operator</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Operator Roles Security</web-resource-name>
<url-pattern>/user</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>operator</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Basic Authentication</realm-name>
</login-config>
<servlet-mapping>
<servlet-name>user</servlet-name>
<url-pattern>/user</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>120</session-timeout>
</session-config>
</web-app>
Here is my tomcat-users.xml:
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="operator"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="mkyong" password="mkyong" roles="operator"/>
<user name="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
Here is my sun-jaxws.xml:
<?xml version="1.0" encoding="UTF-8"?>
<endpoints
xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime"
version="2.0">
<endpoint
name="User"
implementation="com.mkyong.ws.UserProfileImpl"
url-pattern="/user"/>
</endpoints>
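An added example, not part of the original post: a Python cross-check of the three descriptors, run on trimmed copies of the files above embedded as input. For each JAX-WS endpoint it reports which roles and users a matching security-constraint admits and whether BASIC credentials would travel with no transport guarantee; the function names `find_all`, `covers` and `audit` are hypothetical.

```python
# Added example: cross-check web.xml, tomcat-users.xml and sun-jaxws.xml (trimmed copies from the post).
import xml.etree.ElementTree as ET

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/user</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>operator</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
USERS_XML = """<tomcat-users>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="mkyong" password="mkyong" roles="operator"/>
  <user name="admin" password="admin" roles="manager-gui"/>
</tomcat-users>"""
JAXWS_XML = """<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">
  <endpoint name="User" implementation="com.mkyong.ws.UserProfileImpl" url-pattern="/user"/>
</endpoints>"""

def find_all(root, name):
    # Match on the local tag name so namespaced and plain documents are handled alike.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def covers(pattern, path):
    """Servlet-spec URL pattern match: exact, '/prefix/*', '*.ext', or '/' default."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path or pattern == "/"

def audit(web_xml, users_xml, jaxws_xml):
    web, users, ws = (ET.fromstring(x) for x in (web_xml, users_xml, jaxws_xml))
    auth = [e.text.strip() for e in find_all(web, "auth-method")]
    report = {}
    for ep in find_all(ws, "endpoint"):
        path, roles, clear = ep.get("url-pattern"), set(), False
        for sc in find_all(web, "security-constraint"):
            if any(covers(p.text.strip(), path) for p in find_all(sc, "url-pattern")):
                roles |= {r.text.strip() for a in find_all(sc, "auth-constraint") for r in find_all(a, "role-name")}
                clear |= any(t.text.strip() == "NONE" for t in find_all(sc, "transport-guarantee"))
        # The post's users file spells the attribute both "username" and "name"; read either.
        allowed = sorted(u.get("username") or u.get("name") for u in find_all(users, "user")
                         if roles & {r.strip() for r in u.get("roles", "").split(",")})
        report[path] = {"roles": sorted(roles), "users": allowed,
                        "basic_over_cleartext": clear and "BASIC" in auth}
    return report
```

A consistent result only shows that the descriptors agree with each other on paper; it does not show which tomcat-users.xml or web.xml the running server actually loaded.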