• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

HTTP Error 401 while calling RESTFul Web service from a RESTFul client in JBOSS EAP 6.3

 
Ranch Hand
Posts: 85
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have 2 web apps - empService and empClient. I am just printing a "Hello Employee" message from service. I put both these apps on the same security domain. When I call my service app directly, it asks for login credentials to open the webpage. But when I call it from the client, it is throwing HTTP Error 401 (unauthorized). Since they both use same security domain, client should also be granted access when I call the service right. Can someone please let me know if I need to add something else to the code here.

empService
- src
- com.channel.employee.service
- Employee
- EmployeeService
- WebContent
- WEB-INF
- classes
- employee-roles.properties
- employee-users.properties
- jboss-web.xml
- web.xml
- hello.jsp
empClient
- src
- com.channel.employee.client
- EmployeeClient
- WebContent
- WEB-INF
- classes
- employee-roles.properties
- employee-users.properties
- jboss-web.xml
- web.xml
Employee.java
@Path("/")
public class Employee {
/*@Inject
static EmployeeService employeeService;*/

EmployeeService employeeService=new EmployeeService();

@GET
@Path("/xml")
@Produces({ "application/xml" })
@RolesAllowed({"employee"})
public String getHelloWorldXML() {
return "<xml><result>" + employeeService.createHelloMessage("Employee") + "</result></xml>";
}

}

EmployeeService.java
public class EmployeeService {

String createHelloMessage(String name) {
return "Hello " + name + "!";
}

}
employee-roles.properties
usaaemp1=employee
usaaemp2=employee
employee-users.properties
usaaemp1=usaaemp11
usaaemp2=usaaemp22

jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/Employee</security-domain>
</jboss-web>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>empService</display-name>
<welcome-file-list>
<welcome-file>hello.jsp</welcome-file>
</welcome-file-list>

<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>

<servlet-mapping>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
<url-pattern>/employee/*</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>EmployeeChannel</web-resource-name>
<url-pattern>/employee/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>employee</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<!-- <realm-name>Specify Realm Name Here</realm-name> -->
</login-config>
<security-role>
<role-name>employee</role-name>
</security-role>

</web-app>
hello.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<a href="employee/xml">Employee Channel</a>
</body>
</html>
EmployeeClient.java
public class EmployeeClient {

public static void main(String[] args){

try{
//Initiate a client request using the url as a parameter
ClientRequest request = new ClientRequest("http://localhost:8080/ent_securityprefs_empService/employee/xml");
request.accept("application/xml");

//To get the response based on the request
ClientResponse<String> response = request.get(String.class);

//Check the HTTP status of the request
//HTTP 200 indicates the request is OK
if(response.getStatus() != 200){
throw new RuntimeException("Failed request with HTTP status: "+response.getStatus());
}

//If we get a good response, now let's read it
BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(response.getEntity().getBytes())));

String output;

//Loop over the br in order to print out the contents
System.out.println("\n*** Response from Server ***\n");
while((output = br.readLine()) != null){
System.out.println(output);
}
} catch(ClientProtocolException cpe) {
System.err.println(cpe);
} catch(IOException ioe){
System.err.println(ioe);
} catch(Exception e){
System.err.println(e);
}

}

}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>empClient</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>EmployeeChannel</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>employee</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<!-- <realm-name>Specify Realm Name Here</realm-name> -->
</login-config>
<security-role>
<role-name>employee</role-name>
</security-role>
</web-app>
standalone-full.xml
<security-domain name="Employee" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="employee-users.properties"/>
<module-option name="rolesProperties" value="employee-roles.properties"/>
</login-module>
</authentication>
</security-domain>
 
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You've specified that every resource is only accessible for users with the employee role, and authentication should be done using BASIC authentication, but where do you send any credentials to login?
 
swathi bairu
Ranch Hand
Posts: 85
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was informed to format the code in this post, but i couldn't find an edit option here. So I created this as a new post again: https://coderanch.com/t/657597/JBoss/Error-Consuming-Secured-RESTEasy-Web#3048282. Please delete this post.
 
swathi bairu
Ranch Hand
Posts: 85
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rob Spoor wrote:You've specified that every resource is only accessible for users with the employee role, and authentication should be done using BASIC authentication, but where do you send any credentials to login?



They are in WEB-INF/classes properties files - employee-roles.properties and employee-users.properties.
 
Can you shoot lasers out of your eyes? Don't look at this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic