Secure Web Service

In this article, we will implement a web service with basic authentication using Jboss AS 7 server.

Create a Simple Web Service

Start with implementing a simple RPC servlet-based web service with JAX-WS.

Create a User in Jboss AS 7

New user in Jboss AS 7 is added with add-user utility. Run add-user.bat which is located in {jboss.home}/bin:

add-user.bat Photo

More details about "Add-user utility" read at Jboss Documentation.

Add allowed roles to Web Service Endpoint Implementation

@RolesAllowed({"newrole"})
@WebService(endpointInterface = "example.ExamClouds")
public class ExamCloudsImpl implements ExamClouds {
   ...
}                          

Modify web.xml

Add security-role, security-constraint and login-config elements.

<security-role>
    <role-name>newrole</role-name>
</security-role>

<security-constraint>
     <web-resource-collection>
            <web-resource-name>ECCollection</web-resource-name>
            <url-pattern>/ExamClouds</url-pattern>
            <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
            <role-name>newrole</role-name>
     </auth-constraint>
</security-constraint>

<login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>ApplicationRealm</realm-name>
</login-config>                

Create jboss-web.xml

<jboss-web>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>                                            

Add authentication credentials to the client

ExamCloudsImplService service = new ExamCloudsImplService();
ExamClouds port = service.getExamCloudsImplPort();

BindingProvider prov = (BindingProvider) port;
prov.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "newuser");
prov.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "new");

System.out.println(port.getSiteName());
System.out.println(port.getSiteDescription());

 

Read also: Курсы программирования Java с нуляJava тесты онлайнВопросы на собеседовании по Java.

Комментарии