Tuesday, January 04, 2005

[cookbook] basic authorization of web services

Web services can use the common security realms to support authorization on a
per unit call basis. This behaves identically to form based challenge and response,
but is authorized on each unit call. This example assumes that the web service
/services/StatelessService has been configured and is available to a client, but that authorization has not been enabled. This example also assumes that the security
realm has been enabled with a user principal with the needed roles for authorization.


1. Begin by specifying the web deployment descriptor (web.xml) for the web
application in which you will be deploying your web service. This will restrict
access to the web service to users in the authorized roles.




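<!--
  Restricts the web service endpoint to authenticated callers that hold one of
  the roles listed in <auth-constraint>.
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>private stateless web service</web-resource-name>
    <!-- Must match the path the service is really deployed under; a pattern that
         does not match leaves the endpoint unprotected.
         NOTE(review): the accompanying text names /services/StatelessService;
         confirm which path is intended. -->
    <url-pattern>/services/StatefulService</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then applies to every
         HTTP method. Listing only GET and POST would leave requests made with any
         other method (HEAD, PUT, DELETE, ...) outside the constraint. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>webserviceuser</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
  <!-- BASIC sends the user name and password base64-encoded (not encrypted) with
       every request. CONFIDENTIAL makes the container require a protected
       transport (TLS), so clients have to call the https endpoint. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- HTTP BASIC challenge, checked against the container's security realm. -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>noiSecurityRealm</realm-name>
</login-config>

<!-- Roles known to this web application. Only webserviceuser and admin are granted
     access by the constraint above; webuser is declared but not granted access here. -->
<security-role>
  <role-name>webserviceuser</role-name>
</security-role>
<security-role>
  <role-name>webuser</role-name>
</security-role>
<security-role>
  <role-name>admin</role-name>
</security-role>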


2. Enable the client call.

The client unit call needs to support the user principal and password attributes
to be passed in BASIC authentication for the security realm.



package com.noi.mailservice.web.clients;

import org.apache.axis.client.*;
import org.apache.axis.*;
import org.apache.axis.encoding.XMLType;
import org.apache.axis.utils.Options;

import org.apache.axis.transport.http.*;
import org.apache.axis.deployment.wsdd.*;
import org.apache.axis.attachments.*;
import javax.xml.parsers.*;
import org.w3c.dom.*;
import org.xml.sax.*;
import org.apache.axis.encoding.ser.*;
import javax.activation.*;

import java.net.*;
import java.io.*;

import javax.xml.namespace.QName;
import javax.xml.rpc.ParameterMode;

import javax.xml.rpc.ParameterMode;

import com.noi.utility.data.*;

import com.noi.mailservice.web.bl.*;

import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;

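/**
 * Command-line Axis client that invokes the {@code sendImage} operation of
 * {@code StatefulService} and supplies a user name and password for HTTP BASIC
 * authentication.
 *
 * <p>The first two command-line arguments are the user name and the password;
 * the endpoint URL comes from the Axis {@link Options} parsed from the same
 * argument array.
 *
 * <p>Security notes for anyone adapting this example:
 * <ul>
 *   <li>A password given on the command line can be seen by other local users
 *       (process listing) and ends up in shell history; prefer a prompt or a
 *       protected configuration source outside of a demo.</li>
 *   <li>BASIC credentials are only base64-encoded, so the endpoint should be
 *       an {@code https} URL. This client warns when it is not.</li>
 *   <li>The client engine configuration is downloaded from a hard-coded
 *       {@code http} URL and deployed into the engine, so its integrity
 *       depends on the network path being trusted.</li>
 * </ul>
 */
public class StatefulServiceClient
{
    // Not read anywhere in this class.
    private static final boolean stateful = true;

    /**
     * Configures the Axis client engine from the remote WSDD document, then
     * sends a local image file to the service as a {@code DataHandler}.
     *
     * @param args {@code <username> <password>} followed by any Axis options
     */
    public static void main(String [] args)
    {
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException.
        if (args == null || args.length < 2) {
            System.err.println("usage: StatefulServiceClient <username> <password> [axis options]");
            return;
        }

        try {

            String username = args[0];
            String password = args[1];

            Options options = new Options(args);

            String endpointURL = options.getURL();
            String configURL = "http://meis:8080/axisservices/wsdd/statefulclient-deploy.wsdd";

            // Parse the endpoint once, up front, so a malformed URL is reported
            // before any network traffic happens.
            URL endpoint = new URL(endpointURL);
            if (!"https".equalsIgnoreCase(endpoint.getProtocol())) {
                // The credentials travel in an Authorization header on every call.
                System.err.println("warning: endpoint is not https; BASIC credentials "
                    + "will be sent without transport encryption");
            }

            Service service = new Service();

            //configure the stateful client engine
            AxisEngine engine = service.getEngine().getClientEngine();

            //get the configuration document
            // NOTE(review): fetched over plain http and then deployed into the
            // engine; XMLDocumentReader is a project class, so confirm that its
            // parser does not resolve external entities.
            URL configresource = new URL(configURL);
            XMLDocumentReader reader = new XMLDocumentReader();
            reader.parse(configresource);
            Document doc = reader.getDocument();

            Element element = doc.getDocumentElement();

            //use the document to configure the client engine
            WSDDDocument wsddDoc = new WSDDDocument(element);
            EngineConfiguration config = (EngineConfiguration)engine.getConfig();
            if ( config instanceof WSDDEngineConfiguration) {
                WSDDDeployment deployment = ((WSDDEngineConfiguration)config).getDeployment();
                wsddDoc.deploy(deployment);
            }
            engine.refreshGlobalOptions();
            engine.saveConfiguration();

            //send the image
            DataHandler dh = new DataHandler(new FileDataSource("D:\\clay\\images\\self\\tantor23-1.jpg"));

            Call call = (Call) service.createCall();

            //add username and password properties
            call.setProperty(Call.USERNAME_PROPERTY, username);
            call.setProperty(Call.PASSWORD_PROPERTY, password);

            call.setTargetEndpointAddress( endpoint );

            call.setOperationName( new QName("StatefulService", "sendImage") );
            QName qnDataHandler = new QName("StatefulService", "DataHandler");
            call.registerTypeMapping(
                DataHandler.class,
                qnDataHandler,
                new org.apache.axis.encoding.ser.JAFDataHandlerSerializerFactory(DataHandler.class, qnDataHandler),
                new org.apache.axis.encoding.ser.JAFDataHandlerDeserializerFactory(DataHandler.class, qnDataHandler)
            );

            call.addParameter( "dh", qnDataHandler, ParameterMode.IN);

            call.setReturnType( qnDataHandler );
            // The DataHandler returned by the service is not used by this example.
            call.invoke( new Object[] { dh } );

        } catch (Exception e) {
            System.err.println(e.toString());
            e.printStackTrace();
        }

    }
}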
