Basic authentication for JAX-WS and JAX-RS
The authentication configuration remains the same for JAX-WS and JAX-RS.
We need to give the JAX-WS or JAX-RS URL in <web-resource collection>
can be basic. The container would come with a form for the user to enter the username and password.
Authentication handled by container
We will first create a web service and then make the container handle the security on it.
Let's create an interface which will expose the service
method and then declare an implementation
Let's use Tomcat 6.0 to demonstrate this.
Getting ready
- In Eclipse-Indigo, create a dynamic web project
- Server: Tomcat 6
- JARs to be added to Tomcat
folder: https://jax-ws.java.net/2.2.7/ - Download the project and copy the
How to do it...
- Create an
and animplementation
class. Add the@WebService
annotations to it. Create a package namedcom.packt.ws
. Create an interface namedEmployeeProfile
and animplementation
package com.packt.ws; import javax.jws.WebMethod; import javax.jws.WebService; import javax.jws.soap.SOAPBinding; import javax.jws.soap.SOAPBinding.Style; @WebService @SOAPBinding(style = Style.RPC) public interface EmployeeProfile { @WebMethod String getSalary(); }
package com.packt.ws; import javax.jws.WebService; import javax.jws.WebMethod; import javax.jws.WebService; @WebService(endpointInterface = "com.packt.ws.EmployeeProfile") public class EmployeeProfileImpl implements EmployeeProfile { @Override public String getSalary() { return "no salary for the month"; } }
- Also add the
file underWEB-INF
<?xml version="1.0" encoding="UTF-8"?> <endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0"> <endpoint name="EmployeeProfile" implementation="com.packt.EmployeeProfileImpl" url-pattern="/employee"/> </endpoints>
- Modify the
file as shown:<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>JAX-WS-Authentication-Tomcat</display-name> <listener> <listener-class> com.sun.xml.ws.transport.http.servlet.WSServletContextListener </listener-class> </listener> <servlet> <servlet-name>employee</servlet-name> <servlet-class> com.sun.xml.ws.transport.http.servlet.WSServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>employee</servlet-name> <url-pattern>/employee</url-pattern> </servlet-mapping> <security-role> <description>Normal operator user</description> <role-name>operator</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Operator Roles Security</web-resource-name> <url-pattern>/employee</url-pattern> </web-resource-collection> <auth-constraint> <role-name>operator</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> </web-app>
- Authenticate the web services. Edit the
file and add this toserver.xml
:<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
How it works...
By accessing the following URL, you should be prompted for a login.
Each web service URL is authenticated.
You will be prompted with a login page (http://localhost:8080/EmployeeProfile/employee
See also
- The Enabling and disabling the file listing recipe