I have two web apps, empService and empClient. The service just prints a "Hello Employee" message. I put both apps in the same security domain. When I call the service app directly, it asks for login credentials before opening the web page. But when I call it from the client, it fails with HTTP error 401 (Unauthorized). Since they both use the same security domain, shouldn't the client also be granted access when it calls the service? Can someone please let me know whether I need to add something else to the code here?
empService
- src
- com.channel.employee.service
- Employee
- EmployeeService
- WebContent
- WEB-INF
- classes
- employee-roles.properties
- employee-users.properties
- jboss-web.xml
- web.xml
- hello.jsp
empClient
- src
- com.channel.employee.client
- EmployeeClient
- WebContent
- WEB-INF
- classes
- employee-roles.properties
- employee-users.properties
- jboss-web.xml
- web.xml
Employee.java
/**
 * JAX-RS resource mounted at "/" that serves the employee greeting as XML.
 */
@Path("/")
public class Employee {
    // Instantiated directly; an @Inject-based variant was tried and left disabled.
    EmployeeService employeeService = new EmployeeService();

    /**
     * Returns the greeting wrapped in a minimal XML envelope.
     *
     * <p>Access is limited to the "employee" role through {@code @RolesAllowed}; the
     * service's web.xml switches that check on with {@code resteasy.role.based.security}.
     *
     * @return the XML document as a string
     */
    @GET
    @Path("/xml")
    @Produces({ "application/xml" })
    @RolesAllowed({"employee"})
    public String getHelloWorldXML() {
        final String greeting = employeeService.createHelloMessage("Employee");
        // The text is spliced into the markup without XML escaping; that is only safe
        // because the argument above is a fixed constant, not caller-supplied data.
        StringBuilder envelope = new StringBuilder("<xml><result>");
        envelope.append(greeting);
        envelope.append("</result></xml>");
        return envelope.toString();
    }
}
EmployeeService.java
/** Builds the greeting text returned by the employee endpoint. */
public class EmployeeService {
    /**
     * Produces {@code "Hello <name>!"} for the given name.
     *
     * @param name text placed between "Hello " and "!"; used exactly as passed
     * @return the assembled greeting
     */
    String createHelloMessage(String name) {
        StringBuilder greeting = new StringBuilder("Hello ");
        greeting.append(name);
        greeting.append("!");
        return greeting.toString();
    }
}
employee-roles.properties
# Role mapping read by the UsersRoles login module: <username>=<role>[,<role>...]
# Both accounts receive "employee", the role that web.xml and @RolesAllowed require.
usaaemp1=employee
usaaemp2=employee
employee-users.properties
# Accounts read by the UsersRoles login module: <username>=<password>
# NOTE(review): the passwords are stored in clear text and are derived from the
# username, so anyone who can read this file or the packaged WAR can sign in.
# Keep real credentials out of the deployable and consider hashed entries
# (hashAlgorithm module option on the login module).
usaaemp1=usaaemp11
usaaemp2=usaaemp22
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Binds this web application to the JAAS security domain "Employee", which
     standalone-full.xml defines with the UsersRoles login module. -->
<jboss-web>
<!-- NOTE(review): sharing a domain means both applications check the same users and
     roles; it does not by itself attach credentials to an HTTP request that one
     application sends to the other. -->
<security-domain>
java:/jaas/Employee</security-domain>
</jboss-web>
web.xml
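<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>empService</display-name>
  <welcome-file-list>
    <welcome-file>hello.jsp</welcome-file>
  </welcome-file-list>
  <!-- Makes RESTEasy enforce @RolesAllowed on resource methods. -->
  <context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
  </context-param>
  <!-- All JAX-RS resources are served below /employee/. -->
  <servlet-mapping>
    <servlet-name>javax.ws.rs.core.Application</servlet-name>
    <url-pattern>/employee/*</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>EmployeeChannel</web-resource-name>
      <url-pattern>/employee/*</url-pattern>
      <!-- No <http-method> entries on purpose: a collection that lists methods
           constrains only those methods, so requests using any other method on the
           same URL would fall outside the auth-constraint. Leaving the list out
           applies the constraint to every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>employee</role-name>
    </auth-constraint>
    <!-- NOTE(review): BASIC sends the password merely base64-encoded on every request.
         There is no user-data-constraint with transport-guarantee CONFIDENTIAL here,
         so it may travel over plain HTTP; add one once callers use https URLs. -->
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <!-- <realm-name>Specify Realm Name Here</realm-name> -->
  </login-config>
  <security-role>
    <role-name>employee</role-name>
  </security-role>
</web-app>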
hello.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%-- Welcome page of empService. It sits outside the /employee/* security constraint in
     web.xml, so it appears to be served without login; the link below points at the
     protected REST resource, which is where the BASIC challenge is issued. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<a href="employee/xml">Employee Channel</a>
</body>
</html>
EmployeeClient.java
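/**
 * Command-line client that requests the employee greeting from empService and prints it.
 */
public class EmployeeClient {
    /**
     * Sends a GET for the XML greeting and writes the response body to standard output.
     * Any failure, including a status other than 200, is reported on standard error.
     *
     * @param args unused
     */
    public static void main(String[] args){
        try{
            //Initiate a client request using the url as a parameter
            ClientRequest request = new ClientRequest("http://localhost:8080/ent_securityprefs_empService/employee/xml");
            request.accept("application/xml");
            // NOTE(review): no Authorization header is set on this request, so an endpoint
            // protected by BASIC authentication answers 401. Being in the same security
            // domain does not authenticate this caller; it has to present credentials
            // itself, taken from configuration rather than source, and over HTTPS because
            // BASIC only base64-encodes the password.
            //To get the response based on the request
            ClientResponse<String> response = request.get(String.class);
            //Check the HTTP status of the request
            //HTTP 200 indicates the request is OK
            if(response.getStatus() != 200){
                throw new RuntimeException("Failed request with HTTP status: "+response.getStatus());
            }
            // Read the entity as text directly. Converting it to bytes and decoding it
            // again goes through the platform default charset, which can replace
            // characters that charset cannot represent.
            BufferedReader br = new BufferedReader(new java.io.StringReader(response.getEntity()));
            try{
                String output;
                //Loop over the br in order to print out the contents
                System.out.println("\n*** Response from Server ***\n");
                while((output = br.readLine()) != null){
                    System.out.println(output);
                }
            } finally {
                // Close the reader even when printing fails part-way.
                br.close();
            }
        } catch(ClientProtocolException cpe) {
            System.err.println(cpe);
        } catch(IOException ioe){
            System.err.println(ioe);
        } catch(Exception e){
            System.err.println(e);
        }
    }
}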
web.xml
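<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>empClient</display-name>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>EmployeeChannel</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No <http-method> entries on purpose: a collection that lists methods
           constrains only those methods, so requests using any other method would
           fall outside the auth-constraint. Leaving the list out applies the
           constraint to every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>employee</role-name>
    </auth-constraint>
    <!-- NOTE(review): BASIC sends the password merely base64-encoded on every request.
         There is no user-data-constraint with transport-guarantee CONFIDENTIAL here,
         so it may travel over plain HTTP. -->
  </security-constraint>
  <!-- This protects pages served by empClient; it does not add credentials to
       requests that empClient code sends to other applications. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <!-- <realm-name>Specify Realm Name Here</realm-name> -->
  </login-config>
  <security-role>
    <role-name>employee</role-name>
  </security-role>
</web-app>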
standalone-full.xml
<!-- Security domain "Employee"; the web applications refer to it from jboss-web.xml
     as java:/jaas/Employee. -->
<security-domain name="Employee" cache-type="default">
<authentication>
<!-- UsersRoles loads accounts and role assignments from the two properties files below.
     NOTE(review): no hashAlgorithm module-option is set, so the passwords in
     employee-users.properties are kept and compared as clear text; consider hashed
     entries and restrict who can read those files. -->
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="employee-users.properties"/>
<module-option name="rolesProperties" value="employee-roles.properties"/>
</login-module>
</authentication>
</security-domain>