I have quite simple task to accomplish – I have to set up the security for web services ( basic authentication with hardcoded in WLES user id and password). I set the web.xml (see code fragment below) but I have tough time configuring WebLogic. I added IdentityAssertionAuthenticator Authentication Provider, set it as Required, modified DefaultAuthenticator as Optional and I went to deployed application’s security and set the role to “thisIsUser” and at some point it worked, but not anymore (I redeployed war file and set web service security the same way but no avail.) I’d greatly appreciate for all your help.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="PC3-WS" version="2.5">
<display-name>PC3-WS</display-name>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>PC3-WS</web-resource-name>
<url-pattern>/PC3-WS</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>basicGroup</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>basicGroup</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
</web-app>
weblogic.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="PC3-WS" version="2.5">
<display-name>PC3-WS</display-name>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>PC3-WS</web-resource-name>
<url-pattern>/PC3-WS</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>basicGroup</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>basicGroup</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
</web-app>
The list of authenticators:
- DefaultAuthenticator
- DefaultIdentityAssert
Now I have exception:
WS spec-version:2.5], request: weblogic.servlet.internal.ServletRequestImpl@23e1aca[
GET /PC3-WS/MetadataService?WSDL HTTP/1.1
User-Agent: Java1.6.0_22
Accept: text/html, image/gif, image/jpeg, */*; q=.2
Connection: Keep-Alive
]] Root cause of ServletException.
java.lang.NullPointerException
at weblogic.wsee.jaxws.JAXWSDeployedServlet.init(JAXWSDeployedServlet.java:45)
at javax.servlet.GenericServlet.init(GenericServlet.java:241)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
Truncated. see log file for complete stacktrace
>
java.lang.RuntimeException: weblogic.testclient.WsdlParseFailedException: Unable to parse WSDl at: http://192.168.1.3:7001/PC3-WS/MetadataService?WSDL
at weblogic.testclient.ConnectionState.createWsdl(ConnectionState.java:69)
at Controller.refreshWsdl(Controller.java:641)
at Controller.begin(Controller.java:451)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3683)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: weblogic.testclient.WsdlParseFailedException: Unable to parse WSDl at: http://192.168.1.3:7001/PC3-WS/MetadataService?WSDL
at weblogic.testclient.ConnectionState.createWsdlFromHttpUrl(ConnectionState.java:199)
at weblogic.
testclient.ConnectionState.createWsdl(ConnectionState.java:60)
… 38 more
This is the way to secure a Web Service with basic HTTP Auth, in WLES 10.3.3.
In WLES Admin Console go to Security Realm –> MyRealm and create:
New user: user/12345678
New group: basicGroup
Add the user to the group
In web.xml add the security settings (path, basic type):
In weblogic.xml map the application role with server role (it is mandatory):
Build and deploy application.
Restart WLES.
You can test with SoapUI, passing userId and password in lower section called “Authentication and Security-related settings”
Go to File–>Preferences and in “HTTP Settings” check “Authenticate Preemptively”
Now you can run your web services from soapUI.