Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / May 2005

Tip: Looking for answers? Try searching our database.

jax-rpc web.xml getting overwritten?

Thread view: 
Enable EMail AlertsStart New Thread
jodasi - 16 May 2005 18:07 GMT
Hi. I have written a full fledged webservice, based on your simple
hello sample.

The thing is that I need to add to the servlet section of the web.xml
the following lines.

       <init-param>
           <param-name>user</param-name>
           <param-value>me</param-value>
           <param-name>password</param-name>
           <param-value>pw</param-value>
           <param-name>database</param-name>
           <param-value>someconnection</param-value>
       </init-param>

The problem is that when I run the build file, the before web.xml has
no servlet in it.

How do I get those lines into the web.xml, and get them to stay there?
I tried to find some properties in the wscompile and the wsdeploy, and
the config.xml, and the -ri.xml file. But there is no indication on how
to do that.

Can some one give me some advice???
Reply to this Message
iksrazal@terra.com.br - 16 May 2005 23:20 GMT
> Hi. I have written a full fledged webservice, based on your simple
> hello sample.
[quoted text clipped - 20 lines]
>
> Can some one give me some advice???

What you probably want are Handlers, ie the Handle interace, which can
load params and is typically the place for authentication. This config
is for Axis, but handlers are part of Java:

<deployment name="whitezone" xmlns="http://xml.apache.org/axis/wsdd/"
   xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

 <!-- XML Signature handler -->
 <handler name="ServiceHandler"
          type="java:org.apache.axis.handlers.JAXRPCHandler">
   <parameter name="scope" value="session"/>
   <parameter name="className"
value="gov.infoseg.mr.xtservices.ServiceHandler"/>
   <parameter name="host" value="xtrans"/>
   <parameter name="verbose" value="off"/>
 </handler>

 <service name="urn:mandados-resposta" provider="java:RPC">
   <parameter name="className"
value="gov.infoseg.mr.xtservices.WSDetalhesMandados"/>
   <parameter name="allowedMethods" value="*"/>

   <requestFlow>
     <handler type="soapmonitor"/>
     <handler type="ServiceHandler"/>
   </requestFlow>
   <responseFlow>
     <handler type="ServiceHandler"/>
     <handler type="soapmonitor"/>
   </responseFlow>

 </service>
</deployment>

See the 'verbose'and 'host'?

HTH,
iksrazal
http://www.braziloutsource.com/
Reply to this Message
iksrazal@terra.com.br - 17 May 2005 12:24 GMT
Looking at this some more, you probably want a different user per
client call, of course. Same concept, put you pass a hashmap to the
client handler and/or server side handler. Sorta like:

     this.handlerConfig = new HashMap();
     this.handlerConfig.put("elementToEncrypt", elementToEncrypt);
     this.handlerConfig.put("verbose", verbose);
     //add ClientHandler to chain of events
     java.util.List list =
svc.getHandlerRegistry().getHandlerChain(portQN);
     list.add(new
javax.xml.rpc.handler.HandlerInfo(ClientHandler.class,this.handlerConfig,null));

     The server side handler would pick up the same config, as
demonstrated in the other post. I do the user/password with JAAS, and
so for security reasons I place them in the call itself:

     call.setUsername(LDAPUserName);
     call.setPassword(LDAPUserPassword);

     ret = (String) call.invoke( new Object[] { in } );

and in both my client and server handler, I do:

 public boolean doLDAPLogin(javax.xml.rpc.handler.MessageContext
javaxcontext)
 {
   try
   {
     org.apache.axis.MessageContext mc =
(org.apache.axis.MessageContext) javaxcontext;
     //set jass config parameter on every call to prevent environment
hell

System.getProperties().setProperty("java.security.auth.login.config",
this.jaas_prop);
     // login user via JAAS
     CallbackHandler callbackHandler = new WSSCallbackHandler(mc,
this.host);
     LoginContext lc = new LoginContext(securityDomain,
callbackHandler);
     lc.login();
     Fwlog.debug(this, Fwlog.WI, "User logged in successfully: " +
mc.getUsername());

     // Get instance from singleton
     WSSecurityManager wsm = WSSecurityManager.getInstance();
     // Get get X509 certificate needed to sign message
     this.cert = wsm.getCert(mc.getUsername());
     // Get PrivateKey needed to sign X509 Certificate
     this.privateKey = wsm.getPrivateKey(mc.getUsername());
     // Get SecretKey needed to encrypt/decrypt message
     this.secretKey = wsm.getSecretKey(mc.getUsername());
     Fwlog.debug(this, Fwlog.WI, "Got cert, pk and sk for user: " +
mc.getUsername());
     return true;
   }
   catch (Exception e)
   {
     Fwlog.error(this, Fwlog.WI, "ServiceHandler::doLDAPLogin --
Exception: ");
     Fwlog.error(this, Fwlog.WI, e);
     return false;
   }
 }

Getting access to your hasmap is like:

public void init(HandlerInfo config)
 {
   Fwlog.debug(this, Fwlog.WI, "ClientHandler: init ...");
   try
   {
     jaas_prop = System.getProperty("jaas.prop");
     if (null == jaas_prop)
     {
       throw new IllegalStateException("jaas_prop not set, must point
to login config file 'wssDomain.cfg' needed for
java.security.auth.login.config");
     }

     Map configProps = config.getHandlerConfig();

     if (configProps.containsKey("elementToEncrypt"))
     {
       elementToEncrypt = (String)configProps.get("elementToEncrypt");
     }
     else
     {
       throw new IllegalStateException("Handler chain config property
missing: elementToEncrypt");
     }

     if (configProps.containsKey("host"))
     {
       host = (String)configProps.get("host");
     }
     else
     {
       throw new IllegalStateException("Handler chain config property
missing: host");
     }

     if (configProps.containsKey("verbose"))
     {
       String verbose = (String)configProps.get("verbose");
       if (verbose.equalsIgnoreCase("on"))
       {
         debug = true;
       }
       else if (verbose.equalsIgnoreCase("off"))
       {
         debug = false;
       }
       else
       {
         throw new IllegalStateException("verbose config property not
'on' or 'off': " + verbose);
       }
     }
     else
     {
       throw new IllegalStateException("Handler chain config property
missing: verbose");
     }
   }
   catch (Exception e)
   {
     Fwlog.error(this, Fwlog.WI, e);
     throw new JAXRPCException(e.toString(), e);
   }
 }

HTH,
iksrazal
http://www.braziloutsource.com
Reply to this Message
jodasi - 30 May 2005 21:43 GMT
thank you very much for the suggestion. I will try to implement it.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.