Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » Authentication for WebServices (Glassfish)
Authentication for WebServices (Glassfish) [message #905011] Wed, 29 August 2012 14:52 Go to next message
Daniel Zimmermann is currently offline Daniel ZimmermannFriend
Messages: 70
Registered: July 2009
Member
Hi,

for quite some time I'm maintaining an RCP application (in other words a desktop application) that is doing its authentication to a SOAP WebService (Glassfish 2.1 - I hate this one, though, but don't had the chance yet, to replace it) via a simple extension of the Authentication class, using server side Basic Authentication.

Now I decided, that it would be nice to create a proof of concept for a Web Application - and since I'm used to SWT/RCP, I thought RWT/RAP would be the fastest approach.

I'm aware of all the FileUpload and -Download stuff and have already studied the FAQ, but the FAQ is a little thin when it comes to the security stuff, so right now I have now idea how to create some kind of a Login mechanism.

I already have a running RAP prototype with session model and - before the workbench is created - a Login-Dialog is presented, but I don't know how to integrate the credentials from the dialog into a valid SOAP WebService call, which I can use to check, if the credentials are correct.

Can you give me some advice, please?
If the information I gave to you, where a wee bit thin, please aks for more. Everytime when I create a thread I'm uncertain if all the needed information ar included in my questions and statements.

Thank you very much!
Daniel
Re: Authentication for WebServices (Glassfish) [message #905711 is a reply to message #905011] Thu, 30 August 2012 23:50 Go to previous messageGo to next message
Chris Fairhall is currently offline Chris FairhallFriend
Messages: 102
Registered: February 2011
Senior Member
I fail to see how the File Upload has anything to do with making SOAP calls. You should be able to do the same authentication in RAP as you're doing with RCP.
Re: Authentication for WebServices (Glassfish) [message #905916 is a reply to message #905011] Fri, 31 August 2012 10:02 Go to previous messageGo to next message
Daniel Zimmermann is currently offline Daniel ZimmermannFriend
Messages: 70
Registered: July 2009
Member
The File Up- and -Download was just mentioned because of it's better description. Please don't be confused about it.

Of course the authentication is working the same with RAP as it does with RCP.
But when using a Authenticator and running the RAP application in a singleton context, the first users creadentials, that is making a web service call, are cached by the application and will be used for any other user. That means all future calls are done with the credentials of the first user. My last test with the Authenticator indicates, that tryig to change its content (the credetials) has no effect at all.

I know, that I could manipuate the HTTP-Header somehow, but failing to do so in my attempts with the generated classes (wsimport). The appropriate HandlerChain is obviously never triggered.

My thought was, that I'm pretty sure there are some Eclipse related authentication / security means that could come in handy considering the authentication for each call.

I hope that clarifies the issue...
Re: Authentication for WebServices (Glassfish) [message #906889 is a reply to message #905916] Sun, 02 September 2012 21:53 Go to previous messageGo to next message
Chris Fairhall is currently offline Chris FairhallFriend
Messages: 102
Registered: February 2011
Senior Member
In a previous project I worked on I had to deal with calling wsimport generated webservices while applying user authentication via soap headers. I don't have access to the code anymore so this is just from memory:

The authentication class had a thread local to store credentials. The method wrapping the web service call sets the credentials on the thread local, calls them method then clears them out in a finally block. I forget exactly how but the instance of the authentication class was registered as some kind of interceptor for the JRE's default jax-ws implementation.

There is probably a some way for some kind of interceptor to be registered that has access to the http client before the request is sent, to set http header.
Re: Authentication for WebServices (Glassfish) [message #907065 is a reply to message #905916] Mon, 03 September 2012 08:34 Go to previous messageGo to next message
Daniel Zimmermann is currently offline Daniel ZimmermannFriend
Messages: 70
Registered: July 2009
Member
Hi Chris,

thanks for the energy you gave into that issue. AFAIK the only interceptor for jax-ws is the handler chain - either attached directly to the service class or to the binding provider. In my case both approaches are not triggered at all - at least while debugging them I never recognised something.
Mybe I'm just missing something. I've read somewhere that there is an annotation ( @HandlerChain ) for adding handlers in a declarative way (via XML)... I will try to digg into this and keep everyone informed, if this works or not (even if you don't want to know it Wink )

Cheers,
Daniel
Re: Authentication for WebServices (Glassfish) [message #907367 is a reply to message #907065] Mon, 03 September 2012 21:18 Go to previous message
Chris Fairhall is currently offline Chris FairhallFriend
Messages: 102
Registered: February 2011
Senior Member
There are also no end of issues using JAX-WS when you're contending with the implementation built in to the JRE and a later version. You need to make sure you know which one is being used at runtime as all the options and vendor specific property names have the package name in them. The JRE implementation is com.sun.xml.ws.internal.... the sun jaxws-impl jar is com.sun.xml.ws... with no "internal" package. Basically, if you set the properties with the constants from the external jar and is uses the JRE impl at runtime, they won't be picked up.
Previous Topic:Change 404 error page when deploy with Jetty inside Equinox
Next Topic:RAP 1.5 GUI testing
Goto Forum:
  


Current Time: Mon Dec 22 09:26:01 GMT 2014

Powered by FUDForum. Page generated in 0.02343 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software