Basic authentication for JAX-WS and JAX-RS
The authentication configuration remains the same for JAX-WS and JAX-RS.
We need to give the JAX-WS or JAX-RS URL in <web-resource collection>
.
Auth_type
can be basic. The container would come with a form for the user to enter the username and password.
Authentication handled by container
We will first create a web service and then make the container handle the security on it.
Let's create an interface which will expose the service
method and then declare an implementation
class.
Let's use Tomcat 6.0 to demonstrate this.
Getting ready
- In Eclipse-Indigo, create a dynamic web project
- Server: Tomcat 6
- JARs to be added to Tomcat
lib
folder: https://jax-ws.java.net/2.2.7/ - Download the project and copy the
lib
folder
How to do it...
- Create an
interface
and animplementation
class. Add the@WebService
annotations to it. Create a package namedcom.packt.ws
. Create an interface namedEmployeeProfile
and animplementation
Class:Interface:
package com.packt.ws; import javax.jws.WebMethod; import javax.jws.WebService; import javax.jws.soap.SOAPBinding; import javax.jws.soap.SOAPBinding.Style; @WebService @SOAPBinding(style = Style.RPC) public interface EmployeeProfile { @WebMethod String getSalary(); }
Implementation:
package com.packt.ws; import javax.jws.WebService; import javax.jws.WebMethod; import javax.jws.WebService; @WebService(endpointInterface = "com.packt.ws.EmployeeProfile") public class EmployeeProfileImpl implements EmployeeProfile { @Override public String getSalary() { return "no salary for the month"; } }
- Also add the
sun-jaxws.xml
file underWEB-INF
<?xml version="1.0" encoding="UTF-8"?> <endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0"> <endpoint name="EmployeeProfile" implementation="com.packt.EmployeeProfileImpl" url-pattern="/employee"/> </endpoints>
- Modify the
web.xml
file as shown:<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>JAX-WS-Authentication-Tomcat</display-name> <listener> <listener-class> com.sun.xml.ws.transport.http.servlet.WSServletContextListener </listener-class> </listener> <servlet> <servlet-name>employee</servlet-name> <servlet-class> com.sun.xml.ws.transport.http.servlet.WSServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>employee</servlet-name> <url-pattern>/employee</url-pattern> </servlet-mapping> <security-role> <description>Normal operator user</description> <role-name>operator</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Operator Roles Security</web-resource-name> <url-pattern>/employee</url-pattern> </web-resource-collection> <auth-constraint> <role-name>operator</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> </web-app>
- Authenticate the web services. Edit the
tomcat-users.xml
file and add this toserver.xml
:<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
How it works...
By accessing the following URL, you should be prompted for a login.
Each web service URL is authenticated.
You will be prompted with a login page (http://localhost:8080/EmployeeProfile/employee
)
See also
- The Enabling and disabling the file listing recipe