
  • Secured HttpInvoker service

    Hey,

    I'm trying to create a secured service with HttpInvoker.
    I've created my service and exposed it as a web service with HttpInvoker.
    I've defined an interceptor like this:
    Code:
    <!-- Handler mapping that runs every mapped request through the interceptors listed below. -->
    <bean id="defaultHandlerMapping"
    		class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" >	
    		<property name="interceptors">
    			<list>
    				<ref bean="authorizationInterceptor"/>
    			</list>
    		</property>
    	</bean>
    
    	<!--
    	  UserRoleAuthorizationInterceptor only checks the roles of the user the servlet
    	  container has already authenticated (HttpServletRequest.isUserInRole) and, by
    	  default, answers 403 when none of the authorized roles matches. It does not
    	  authenticate anyone itself: the login has to be performed by the container,
    	  which normally requires a security-constraint and login-config for this URL in
    	  web.xml. NOTE(review): web.xml is not shown in this post, confirm it declares them.
    	-->
    	<bean id="authorizationInterceptor"
    		class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor">
    		<property name="authorizedRoles">
    			<list>
    				<value>mcip</value>
    			</list>
    		</property>
    	</bean>
    On the client side, I need to supply the right user/password to be able to call my web service. I use the Commons HttpClient library like this:

    My client configuration
    Code:
    	<!--
    	  Client-side proxy for the remote NewsManager service.
    	  The serviceUrl below is plain http://, so the Basic credentials configured on the
    	  executor (base64-encoded, not encrypted) and the Java-serialized invocation
    	  payload cross the network in clear text; an https:// endpoint avoids that.
    	-->
    	<bean id="newsManager"
          	      class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
          		<property name="serviceUrl" value="http://parw00074243:8080/mcipweb/NewsManager.do"/>
    		<property name="serviceInterface" value="com.bnpp.mcip.news.NewsManager"/>
    		<property name="httpInvokerRequestExecutor">
    			<bean name="httpInvokerRequestExecutor" class="com.bnpp.mcip.http.SimpleAuthExecutor">
    				<!-- Credentials are hard-coded in the bean definition; keeping them in an
    				     externalized, access-restricted properties file keeps them out of
    				     version control. -->
    				<property name="username" value="mcip"/>
    				<property name="password" value="mcip"/>
    				<!-- host, port and realm form the HttpClient AuthScope the credentials are
    				     offered to; they should match the server named in serviceUrl. -->
    				<property name="host" value="parw00074243"/>
    				<property name="port" value="8080"/>
    				<property name="realm" value="UserDatabase"/>
    			</bean>
    		</property>
    	</bean>
    My SimpleAuthExecutor
    Code:
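    /**
     * HTTP invoker request executor that registers a username/password pair with the
     * underlying Commons HttpClient and makes it authenticate preemptively, preferring
     * the Basic scheme.
     *
     * <p>Security notes for whoever configures this class:
     * <ul>
     *   <li>Preemptive Basic authentication sends the credentials without waiting for a
     *       server challenge. Basic is only base64 encoding, so the service URL should be
     *       HTTPS and the {@code host}/{@code port}/{@code realm} scope should be as narrow
     *       as possible.</li>
     *   <li>The password is never written to the console output produced here; keep it
     *       that way when adding diagnostics.</li>
     * </ul>
     *
     * <p>All setters and the lazy client configuration synchronize on {@code this}, so a
     * property change is seen by the next request.
     */
    public class SimpleAuthExecutor extends CommonsHttpInvokerRequestExecutor {

        private String username;

        private String password;

        /** False until the current property values have been pushed into the HttpClient. */
        private boolean httpClientStateSet = false;

        private String realm;

        private String host;

        private int port;

        /**
         * Sets the user name and marks the HttpClient for reconfiguration.
         * Synchronized like the other setters: the original version was not, which let a
         * concurrent request read a half-updated username/password pair.
         */
        public synchronized void setUsername(String username) {
            this.username = username;
            this.httpClientStateSet = false;
        }

        /** Sets the password and marks the HttpClient for reconfiguration. */
        public synchronized void setPassword(String password) {
            this.password = password;
            this.httpClientStateSet = false;
        }

        /** Sets the authentication realm of the credential scope. */
        public synchronized void setRealm(String realm) {
            this.realm = realm;
            this.httpClientStateSet = false;
        }

        /** Sets the host of the credential scope. */
        public synchronized void setHost(String host) {
            this.host = host;
            this.httpClientStateSet = false;
        }

        /** Sets the port of the credential scope. */
        public synchronized void setPort(int port) {
            this.port = port;
            this.httpClientStateSet = false;
        }

        /**
         * Configures the HttpClient on first use (or after a property change) and then
         * delegates the request to the superclass.
         *
         * @param config the client configuration providing the service URL
         * @param baos the serialized invocation to send
         * @return the result returned by the superclass implementation
         * @throws IOException if the service URL is malformed or the superclass fails on I/O
         * @throws ClassNotFoundException propagated from the superclass
         * @throws NullPointerException if username or password has not been set
         */
        protected RemoteInvocationResult doExecuteRequest(
                final HttpInvokerClientConfiguration config,
                final ByteArrayOutputStream baos) throws IOException,
                ClassNotFoundException {
            System.out.println("call executor.......");
            synchronized (this) {
                if (!this.httpClientStateSet) {
                    configureHttpClient(config);
                    this.httpClientStateSet = true;
                }
            }
            System.out.println("call super executor.......");
            return super.doExecuteRequest(config, baos);
        }

        /** Validates the service URL and installs the credentials; caller holds the lock. */
        private void configureHttpClient(final HttpInvokerClientConfiguration config)
                throws IOException {
            final HttpClient client = getHttpClient();
            try {
                // Parsed only to reject a malformed service URL before any credentials are set.
                new URI(config.getServiceUrl(), false);
            } catch (URIException e) {
                // Give the exception a message; the original threw an IOException without one.
                final IOException ioe = new IOException(
                        "Invalid service URL: " + config.getServiceUrl());
                ioe.initCause(e);
                System.out.println("Error URI.....");
                throw ioe;
            }
            if (username == null || password == null) {
                // Exception type kept as in the original so existing callers are unaffected.
                throw new NullPointerException(
                        "Username and Password cannot be null");
            }
            // NOTE(review): credentials registered earlier for another host/port/realm are
            // not removed from the HttpState when a setter changes the scope. If the
            // executor is reconfigured at runtime, consider clearing the stale entries.
            client.getState().setCredentials(
                    new AuthScope(host, port, realm),
                    new UsernamePasswordCredentials(username, password));

            /*
             * This is to make HttpClient pick the Basic authentication
             * scheme over NTLM & Digest
             */
            List authPrefs = new ArrayList(3);
            authPrefs.add(AuthPolicy.BASIC);
            authPrefs.add(AuthPolicy.NTLM);
            authPrefs.add(AuthPolicy.DIGEST);
            client.getParams().setParameter(
                    AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
            // Preemptive mode sends the credentials before any 401 challenge; see the
            // class comment for why the endpoint should be HTTPS.
            client.getParams().setAuthenticationPreemptive(true);
        }
    }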
    Under Tomcat, I've activated the "UserDatabase" realm which uses tomcat-users.xml and I've defined the role "mcip" and a user "mcip" with the password "mcip".

    The problem is that I receive a 403 error when I call my web service! :-(
    Am I missing something?

    Thanks.