Secure Web Service with Basic Authentication in JBoss AS 7 Server

In this article we will implement a web service with basic authentication on the JBoss AS 7 server.

  1. Create a Simple Web Service

    Start by implementing a simple RPC servlet-based web service with JAX-WS.

  2. Create a User in JBoss AS 7

    A new user is added to JBoss AS 7 with the add-user utility. Run add-user.bat, which is located in {jboss.home}/bin:

    add-user.bat

    For more details about the add-user utility, see the JBoss documentation.

  3. Add allowed roles to Web Service Endpoint Implementation

                                                
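    import javax.annotation.security.RolesAllowed;
    import javax.jws.WebService;

    // Declare the role that is allowed to call this endpoint
    @RolesAllowed({"newrole"})
    @WebService(endpointInterface = "example.ExamClouds")
    public class ExamCloudsImpl implements ExamClouds {
       ...
    }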
                                 
  4. Modify web.xml

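    Add the security-role, security-constraint and login-config elements. Because the constraint lists only the POST method, it applies to POST requests to /ExamClouds; requests that use other HTTP methods are not covered by it.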

                                   
    <security-role>
        <role-name>newrole</role-name>
    </security-role>
    
    <security-constraint>
         <web-resource-collection>
                <web-resource-name>ECCollection</web-resource-name>
                <url-pattern>/ExamClouds</url-pattern>
                <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
                <role-name>newrole</role-name>
         </auth-constraint>
    </security-constraint>
    
    <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>ApplicationRealm</realm-name>
    </login-config>
                                   
  5. Create jboss-web.xml

                                                    
    <jboss-web>
        <security-domain>java:/jaas/other</security-domain>
    </jboss-web>
                                                                
  6. Add authentication credentials to the client

                          
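    import javax.xml.ws.BindingProvider;

    // Obtain the service port (client proxy)
    ExamCloudsImplService service = new ExamCloudsImplService();
    ExamClouds port = service.getExamCloudsImplPort();

    // Set the Basic authentication credentials on the request context
    BindingProvider prov = (BindingProvider) port;
    prov.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "newuser");
    prov.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "new");

    // These calls are sent with the credentials set above
    System.out.println(port.getSiteName());
    System.out.println(port.getSiteDescription());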
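
A stricter variant of the step 4 constraint, as an added example that is not part of the original article: it requires TLS for the authenticated POST, because BASIC sends the password only Base64-encoded, and it denies every HTTP method other than GET and POST on the endpoint. It assumes a Servlet 3.0 web.xml, an HTTPS connector configured on the server, a client that calls the https endpoint address, and the hypothetical resource name ECOtherMethods.

```xml
<!-- Added example, not the article's own configuration -->

<!-- POST (the SOAP calls): authenticated, role-checked and TLS-only -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ECCollection</web-resource-name>
        <url-pattern>/ExamClouds</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>newrole</role-name>
    </auth-constraint>
    <!-- The container refuses or redirects plain-HTTP requests, so the
         Authorization header is not sent to the endpoint in clear text
         (assumption: an HTTPS connector is configured) -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- Every method except GET and POST: the empty auth-constraint means
     no role is allowed, so the request is denied.
     GET stays unconstrained (assumption: clients fetch the WSDL with
     GET /ExamClouds?wsdl without credentials). -->
<security-constraint>
    <web-resource-collection>
        <!-- ECOtherMethods is a hypothetical name chosen for this example -->
        <web-resource-name>ECOtherMethods</web-resource-name>
        <url-pattern>/ExamClouds</url-pattern>
        <http-method-omission>GET</http-method-omission>
        <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>

<!-- Unchanged from step 4 -->
<security-role>
    <role-name>newrole</role-name>
</security-role>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>
```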
                          

